DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Front-Running Vulnerabilities in PerpetualVault at run and runNextAction

Summary

The contract relies on off-chain price data and keeper scripts, which could be manipulated by front-running attacks.

Vulnerability Details

Location: run and runNextAction functions.

Issue: An attacker could front-run keeper transactions to manipulate prices or positions.

Impact

Loss of funds due to manipulated prices or positions.

Tools Used

Eth-security-toolbox for front-running simulation.

Recommendations

Use commit-reveal schemes or on-chain price oracles.

Implement slippage protection for swaps and position adjustments.

Updates

Lead Judging Commences

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
