DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

Unprotected chop Function Vulnerable to Front-Running

Vulnerability Details

The chop function does not include any mechanisms to prevent front-running. When a user initiates a chop operation, their transaction is broadcast to the Ethereum network and enters the mempool. An attacker can monitor the mempool for pending chop transactions and then submit their own transaction with a higher gas price to be executed before the original transaction. This allows the attacker to manipulate the price of the Ripe Token before the original user's chop operation is executed, potentially leading to financial losses for the original user.

Impact

The lack of front-running protection in the chop function can lead to financial losses for users as attackers can exploit the timing of transactions to their advantage. This can result in users receiving a less favorable exchange rate for their chopped tokens due to market manipulation by the attacker.

Tools Used

Manual Review

Recommendations

  1. Implement a two-phase commit-reveal process to obscure the details of a transaction until it's finalized.

  2. Introduce a time-lock mechanism to prevent immediate execution after submission.

  3. Enforce a maximum gas price on transactions to reduce the incentive for front-running.

  4. Use private transactions or relayers to batch and execute trades away from the public mempool.
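Recommendations 1 and 2 combined in one contract, as an added example that is not code from the submission or from the audited project. The contract name, the delay constants and the `_chop` hook are assumptions, since the page does not show the chop function's signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: commit-reveal with a minimum delay in front of a
/// chop-like action. All names are hypothetical, not the audited code.
abstract contract CommitRevealChop {
    uint256 public constant MIN_DELAY = 5;   // blocks between commit and reveal (assumed value)
    uint256 public constant MAX_DELAY = 250; // commitments expire after this many blocks (assumed value)

    // committer => commitment hash => block number of the commit (0 = none)
    mapping(address => mapping(bytes32 => uint256)) public committedAt;

    event Committed(address indexed account, bytes32 indexed commitment);
    event Revealed(address indexed account, uint256 amount);

    error AlreadyCommitted();
    error UnknownCommitment();
    error TooEarly(uint256 earliestBlock);
    error Expired(uint256 lastBlock);

    /// Phase 1: publish only a hash, so the amount is not visible in the mempool.
    /// Computed off-chain as keccak256(abi.encode(sender, amount, salt)).
    function commit(bytes32 commitment) external {
        if (committedAt[msg.sender][commitment] != 0) revert AlreadyCommitted();
        committedAt[msg.sender][commitment] = block.number;
        emit Committed(msg.sender, commitment);
    }

    /// Phase 2: reveal the preimage once the time-lock has passed, then execute.
    function reveal(uint256 amount, bytes32 salt) external {
        // msg.sender is part of the preimage, so a copied commitment is useless to others.
        bytes32 commitment = keccak256(abi.encode(msg.sender, amount, salt));
        uint256 at = committedAt[msg.sender][commitment];
        if (at == 0) revert UnknownCommitment();
        if (block.number < at + MIN_DELAY) revert TooEarly(at + MIN_DELAY);
        if (block.number > at + MAX_DELAY) revert Expired(at + MAX_DELAY);

        delete committedAt[msg.sender][commitment]; // single use, cleared before the action runs
        emit Revealed(msg.sender, amount);
        _chop(msg.sender, amount);
    }

    /// Hypothetical hook standing in for the protocol's chop logic.
    function _chop(address account, uint256 amount) internal virtual;
}
```

The reveal transaction is itself public when it is broadcast, so this hides the amount only during the delay window and does not fix the price at which the action executes.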

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Front-running
