Unprotected chop Function Vulnerable to Front-Running
Vulnerability Details
The chop function does not include any mechanisms to prevent front-running. When a user initiates a chop operation, their transaction is broadcast to the Ethereum network and enters the mempool. An attacker can monitor the mempool for pending chop transactions and then submit their own transaction with a higher gas price to be executed before the original transaction. This allows the attacker to manipulate the price of the Ripe Token before the original user's chop operation is executed, potentially leading to financial losses for the original user.
Impact
The lack of front-running protection in the chop function can lead to financial losses for users as attackers can exploit the timing of transactions to their advantage. This can result in users receiving a less favorable exchange rate for their chopped tokens due to market manipulation by the attacker.
Tools Used
Manual Review
Recommendations
Implement a two-phase commit-reveal process to obscure the details of a transaction until it's finalized.
Introduce a time-lock mechanism to prevent immediate execution after submission.
Enforce a maximum gas price on transactions to reduce the incentive for front-running.
Use private transactions or relayers to batch and execute trades away from the public mempool.
Lead Judging Commences
Front-running
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.