A front-running vulnerability exists within the list function, allowing buyers to increase royalty fees immediately before listing an asset. This manipulation exploits the lack of fee calculation and locking mechanisms at the listing phase, enabling buyers to unfairly inflate the royalty fee that sellers are obligated to pay in the transferRoyalties function.
The list function depends on the buyer's royalty fee, fetched via buyer.royaltyFee() at the time of listing. However, since royalty fees are calculated after this step in the transferRoyalties function, a buyer could potentially increase the royalty fee directly before listing, forcing the seller to pay a higher amount than expected. The code does not lock the royalty fee percentage or validate any changes once an asset is listed. This lack of locking on fees allows buyers to influence the royalty payment unfairly.
This vulnerability could result in sellers paying inflated royalty fees. Since the transferRoyalties function calculates fees based on the royalty percentage during execution, buyers can unilaterally modify their fees, which could lead to significant financial exploitation of sellers.
Manual Review
Consider adding a maxPayAmount to prevent such cases.
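One way to combine a fee snapshot with the suggested maxPayAmount, as an added sketch that is not the audited project's code. Only royaltyFee(), list and transferRoyalties are named in the finding; the contract name, struct layout, basis-point unit and the royaltyDue helper are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface: only royaltyFee() appears in the finding; treating
// its return value as basis points is an assumption of this sketch.
interface IBuyer {
    function royaltyFee() external view returns (uint256);
}

contract ListingSketch {
    struct Listing {
        address seller;
        IBuyer buyer;
        uint256 price;
        uint256 lockedFeeBps; // fee snapshot taken once, inside list()
        uint256 maxPayAmount; // seller's ceiling on the royalty owed
    }

    uint256 private constant BPS = 10_000;
    mapping(uint256 => Listing) public listings;

    error AlreadyListed(uint256 id);
    error RoyaltyAboveMax(uint256 royalty, uint256 maxPayAmount);

    function list(uint256 id, IBuyer buyer, uint256 price, uint256 maxPayAmount) external {
        if (listings[id].seller != address(0)) revert AlreadyListed(id);

        // Read the fee exactly once. If it was raised just ahead of this
        // transaction, the ceiling check below makes the listing revert
        // instead of silently binding the seller to the higher amount.
        uint256 feeBps = buyer.royaltyFee();
        uint256 royalty = (price * feeBps) / BPS;
        if (royalty > maxPayAmount) revert RoyaltyAboveMax(royalty, maxPayAmount);

        listings[id] = Listing(msg.sender, buyer, price, feeBps, maxPayAmount);
    }

    // Amount a transferRoyalties-style payout would use. The unprotected
    // pattern calls buyer.royaltyFee() again at this point; the snapshot
    // makes any fee change after listing irrelevant to this listing.
    function royaltyDue(uint256 id) public view returns (uint256) {
        Listing storage l = listings[id];
        return (l.price * l.lockedFeeBps) / BPS;
    }
}
```

The ceiling check covers a fee change that lands before the listing transaction, and the stored snapshot covers a change made afterwards.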