Submission Details
Severity:
Front Running Attack in `CreditDelegationBranch::withdrawUsdTokenFromMarket`
## Summary
Front running attack in `CreditDelegationBranch::withdrawUsdTokenFromMarket`.
## Vulnerability Details
A profitable trader(Attacker) can call `CreditDelegationBranch::withdrawUsdTokenFromMarket` to withdraw from a market when
the market is not in ADL state, this withdrawal can make the market go into ADL state which will make the next
withdrawal(requested USD) by a profitable trader reduce.
The vulnerability happens in the following way
1. A profitable trader(Attacker) calls `CreditDelegationBranch::withdrawUsdTokenFromMarket` when the market from which the
tokens are requested is not in ADL state.
2. After withdrawal the market does not go into ADL state because the market total debt and total delegated credit have not
been updated.
3. A profitable trader(Victim) calls `CreditDelegationBranch::withdrawUsdTokenFromMarket` which update the market total debt
and total delegated credit and triggered the ADL after being calculated using `delegatedCreditUsdX18` (total delegated
credit) and `marketTotalDebtUsdX18` (market total debt).
4. The victim requested USD token amount gets reduced since
## Impact
The requested USD of the next profitable trader(Victim) will be reduced making the trader to get reduced USD token instead of
full USD token amount.
## Tools Used
Solidity
Prize pool breakdown
Total prize
70,000 USDC
nSLOC
3,25821 USDC / LOC
66,500
3,500
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.