The `sellErc20` function is susceptible to front-running: the call's parameters (asset, price, amount) are visible in the public mempool before it is mined, so an attacker watching the mempool can submit a competing transaction with a higher gas price that is ordered ahead of the seller's transaction. Depending on the order flow, this lets the attacker buy at a price lower than the seller intended, or manipulate the price the seller's order executes against.
1. Price Manipulation: Attackers can buy at artificially low prices before others can act.
2. Market Integrity: The platform's pricing mechanism could be seen as unreliable, affecting user trust.
3. Inequity: Honest users might be outbid by attackers with faster transaction processing capabilities.
Implement a commit-reveal scheme, or move order matching off-chain, so that order parameters are not visible in the mempool before they are bound to a transaction. Note that commit-reveal hides the parameters only until the reveal; the reveal transaction itself is public, so the contract must also enforce that the reveal lands in a later block than the commit and that a commitment can be consumed only once, otherwise the scheme adds cost without removing the race.
Code Snippet (the original snippet, with the commitment cleared after use, the lock transfer checked, the locked token returned, and a commit-block check so that commit and reveal cannot be mined in the same block):
```solidity
// Commit phase: the seller publishes only a hash of the order parameters.
function commitSellOrder(bytes32 commitment) external {
    require(s_commitments[msg.sender] == bytes32(0), "Pending commitment");
    s_commitments[msg.sender] = commitment;
    s_commitBlock[msg.sender] = block.number;
    // Lock a small amount of tokens to discourage spam commits; returned on reveal
    require(
        IERC20(tokenInfo.erc20Address).transferFrom(msg.sender, address(this), 1),
        "Lock failed"
    );
}

// Reveal phase: parameters must hash to the stored commitment, and the reveal
// must be mined after the commit block so the two cannot be reordered.
function revealSellOrder(address nftPegged, uint256 price, uint256 amount, bytes32 salt) external {
    bytes32 commitment = keccak256(abi.encodePacked(nftPegged, price, amount, salt, msg.sender));
    require(s_commitments[msg.sender] == commitment, "Invalid commitment");
    require(block.number > s_commitBlock[msg.sender], "Reveal too early");
    // Consume the commitment so the same reveal cannot be replayed
    delete s_commitments[msg.sender];
    delete s_commitBlock[msg.sender];
    require(IERC20(tokenInfo.erc20Address).transfer(msg.sender, 1), "Unlock failed");
    // ... (existing sellErc20 logic goes here)
}
```
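As an added illustration (not code from the audited project), the commit-reveal flow above as a self-contained contract. It assumes a minimal `IERC20` interface, a fixed deposit of 1 token wei per commit, a reveal window of 256 blocks, and a placeholder `_sellErc20` that only emits an event in place of the project's real sell logic; all of those names and values are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal ERC-20 surface; the real contract would import OpenZeppelin's IERC20.
interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
    function transfer(address to, uint256 value) external returns (bool);
}

/// Commit-reveal wrapper around a sell-order function (example code, not the project's).
contract CommitRevealSell {
    struct Commit {
        bytes32 hash;        // keccak256 of the order parameters, salt and seller
        uint64 blockNumber;  // block in which the commit was mined
    }

    IERC20 public immutable token;                 // assumed: the ERC-20 being sold
    uint256 public constant REVEAL_WINDOW = 256;   // assumed: blocks allowed for the reveal
    uint256 public constant DEPOSIT = 1;           // assumed: token wei locked per commit

    mapping(address => Commit) public commits;

    event SellOrder(address indexed seller, address nftPegged, uint256 price, uint256 amount);

    constructor(IERC20 _token) {
        token = _token;
    }

    /// Off-chain callers and tests compute the digest with the same helper.
    function computeCommitment(
        address nftPegged, uint256 price, uint256 amount, bytes32 salt, address seller
    ) public pure returns (bytes32) {
        // All inputs are fixed-size, so encodePacked has no ambiguity here.
        return keccak256(abi.encodePacked(nftPegged, price, amount, salt, seller));
    }

    /// Step 1: publish only the hash. Nothing about price or amount is in the mempool.
    function commitSellOrder(bytes32 commitment) external {
        require(commitment != bytes32(0), "empty commitment");
        require(commits[msg.sender].hash == bytes32(0), "pending commit");
        commits[msg.sender] = Commit(commitment, uint64(block.number));
        require(token.transferFrom(msg.sender, address(this), DEPOSIT), "deposit failed");
    }

    /// Step 2: reveal in a later block, inside the window, exactly once.
    function revealSellOrder(address nftPegged, uint256 price, uint256 amount, bytes32 salt) external {
        Commit memory c = commits[msg.sender];
        require(c.hash != bytes32(0), "no commit");
        require(block.number > c.blockNumber, "reveal in commit block");
        require(block.number <= c.blockNumber + REVEAL_WINDOW, "reveal window closed");
        require(computeCommitment(nftPegged, price, amount, salt, msg.sender) == c.hash, "bad reveal");

        // Consume the commitment before any external call: no replay, no reentrancy.
        delete commits[msg.sender];
        require(token.transfer(msg.sender, DEPOSIT), "refund failed");

        _sellErc20(nftPegged, price, amount);
    }

    /// A seller whose window lapsed without a reveal gets the deposit back.
    function cancelCommit() external {
        Commit memory c = commits[msg.sender];
        require(c.hash != bytes32(0), "no commit");
        require(block.number > c.blockNumber + REVEAL_WINDOW, "window still open");
        delete commits[msg.sender];
        require(token.transfer(msg.sender, DEPOSIT), "refund failed");
    }

    /// Stand-in for the project's sellErc20 logic, which is not reproduced here.
    function _sellErc20(address nftPegged, uint256 price, uint256 amount) internal {
        emit SellOrder(msg.sender, nftPegged, price, amount);
    }
}
```

The `block.number > c.blockNumber` check is what gives the scheme its ordering guarantee: a searcher who sees the reveal in the mempool cannot retroactively commit in an earlier block, so anyone who wants to act on the revealed order must already have been committed before it. If the buy side can act without a commitment, the seller's parameters are still hidden until inclusion, but a bot can still react to the reveal transaction; in that case the buy path should go through the same commit-reveal flow or the reveal should execute the sale atomically.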