Submission Details
Severity:
[M-2] Front-running vulnerability in changeHost function
Summary
The changeHost function can be front-run by the current host to prevent transfer of control.
Vulnerability Details
function changeHost(address _newHost) external onlyHost {
if(!participant[_newHost]) {
revert OnlyParticipantsCanBeHost();
}
host = _newHost;
emit NewHost(host);
}
Impact
Medium: Host transfer can be blocked
Potential denial of service for host changes
Could prevent event from proceeding if host is unavailable
Tools Used
Foundry for testing
function test_frontRunChangeHost() public {
// Setup initial host change
vm.prank(host);
dinner.changeHost(user1);
// Front-run with another host change
vm.prank(host);
dinner.changeHost(user2);
assertEq(dinner.getHost(), user2);
}
Recommendations
Implement a two-step host transfer:
address public pendingHost;
function proposeNewHost(address _newHost) external onlyHost {
pendingHost = _newHost;
}
function acceptHostRole() external {
require(msg.sender == pendingHost, "Not pending host");
host = pendingHost;
pendingHost = address(0);
}
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.