DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Loss of funds due to front-running

Summary

A malicious actor can pay a higher gas fee to front-run other users' pending transactions with a call to auctionEnd(), so that those users' requests (for example an unbid) are processed after the auction has already been marked ended and no longer succeed.

Vulnerability Details

auctionEnd() is an external function with no access control, so anyone can call it and end the auction as soon as block.timestamp reaches auctionEndTime.

function auctionEnd() external {
    // Anyone may call this; the only gate is the end timestamp.
    if (block.timestamp < auctionEndTime) {
        revert AuctionNotYetEnded();
    }
    if (ended) {
        revert AuctionEndAlreadyCalled();
    }
    ended = true;
    emit AuctionEnded(totalBids, totalTokens);
    if (totalBids == 0) {
        // No bids were placed: return all auction tokens to the owner.
        auctionToken.transfer(owner, totalTokens);
        return;
    }
    // Tokens per unit of bid, scaled by 1e18.
    multiplier = totalTokens.mul(PRECISION_18).div(totalBids);
    // Burn the FjordPoints held by the contract
    uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
    fjordPoints.burn(pointsToBurn);
}

Scenario
The auction is scheduled to end on 5 Sept at 2:00 PM.

  1. At 2:00 PM on 5 Sept, User A submits an unbid transaction withdrawing their entire bid.

  2. User B sees this transaction in the mempool and submits auctionEnd() with a higher gas fee. auctionEnd() is mined first, the auction is marked ended, and User A's unbid request no longer goes through.
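The ordering race described in the scenario, as an added Foundry test that is not part of the original submission or of the audited contract. MinimalAuction is a hypothetical stand-in that keeps only what the race needs: a bid()/unbid() pair guarded by the ended flag and an auctionEnd() with the same timestamp and ended checks as the function above. The contract name, bid()/unbid(), the AuctionAlreadyEnded error, the bid amounts and the END timestamp are all assumptions; the real project's unbid and claim logic is not shown on this page, so whether the stuck bid amounts to a loss of funds there is not decided by this test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal auction (assumption, not the project's contract).
// Only the state needed to show the auctionEnd()/unbid() ordering race is kept.
contract MinimalAuction {
    uint256 public immutable auctionEndTime;
    bool public ended;
    mapping(address => uint256) public bids;
    uint256 public totalBids;

    error AuctionNotYetEnded();
    error AuctionEndAlreadyCalled();
    error AuctionAlreadyEnded(); // assumed guard on bid/unbid

    constructor(uint256 _auctionEndTime) {
        auctionEndTime = _auctionEndTime;
    }

    function bid(uint256 amount) external {
        if (ended) revert AuctionAlreadyEnded();
        bids[msg.sender] += amount;
        totalBids += amount;
    }

    function unbid(uint256 amount) external {
        if (ended) revert AuctionAlreadyEnded();
        bids[msg.sender] -= amount; // underflow reverts under 0.8.x
        totalBids -= amount;
    }

    // Same checks as the auctionEnd() quoted in the report: no access control,
    // only the end timestamp and the ended flag.
    function auctionEnd() external {
        if (block.timestamp < auctionEndTime) revert AuctionNotYetEnded();
        if (ended) revert AuctionEndAlreadyCalled();
        ended = true;
    }
}

contract FrontRunTest is Test {
    MinimalAuction auction;
    address userA = makeAddr("userA");
    address userB = makeAddr("userB");
    uint256 constant END = 1_000_000; // assumed auctionEndTime

    function setUp() public {
        auction = new MinimalAuction(END);
        vm.prank(userA);
        auction.bid(100);
    }

    // Ordering 1: User A's unbid is mined before anyone calls auctionEnd().
    function test_unbidSucceedsWhenMinedFirst() public {
        vm.warp(END);
        vm.prank(userA);
        auction.unbid(100);
        assertEq(auction.bids(userA), 0);

        vm.prank(userB);
        auction.auctionEnd(); // any account can end the auction
        assertTrue(auction.ended());
    }

    // Ordering 2: User B's auctionEnd() is mined first (higher gas price),
    // so User A's pending unbid reverts and the bid stays in the ended auction.
    function test_unbidRevertsWhenAuctionEndIsMinedFirst() public {
        vm.warp(END);
        vm.prank(userB);
        auction.auctionEnd();

        vm.expectRevert(MinimalAuction.AuctionAlreadyEnded.selector);
        vm.prank(userA);
        auction.unbid(100);

        assertEq(auction.bids(userA), 100); // bid remains locked after end
        assertTrue(auction.ended());
    }
}
```

Run with `forge test --match-contract FrontRunTest -vv`. The two tests differ only in which transaction lands first in the block; a block builder or a higher-fee replacement can choose that order, which is the whole of the reported issue.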

Impact

Loss of funds for bidders whose unbid transactions are pushed behind auctionEnd(), and loss of user trust.

Tools Used

Manual Review

Recommendations

  • Run an automated keeper that calls auctionEnd() at the scheduled end time, and show a user-side warning about this front-running risk near the auction end.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic

Appeal created

maushishreal Submitter about 1 year ago
inallhonesty Lead Judge about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
