Core Contracts

Regnum Aurum Acquisition Corp
Hardhat · Real World Assets · NFT
77,280 USDC
Submission Details
Severity: medium
Status: Invalid

`Auction#buy()` function lacks slippage protection, so an attacker can manipulate the price before a transaction is executed, leading to unfair pricing for the buyer

Summary

The buy function in the Auction contract lacks slippage protection, exposing users to overpayment when the price moves between the time a transaction is submitted and the time it executes. This enables front-running: an attacker can manipulate the price before the user's transaction is executed, leading to unfair pricing for the buyer and to a DoS (the transaction reverts when the inflated cost exceeds what the buyer approved or holds).

Vulnerability Details

The following code snippet highlights the vulnerability:

uint256 price = getPrice();                // time-dependent price, read at execution time
uint256 cost = price * amount;             // no buyer-supplied upper bound on price or cost
require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");

The function fetches the current price from getPrice(), but since getPrice() is time-dependent, the price may change between submission and execution of the transaction (for example under network congestion or changing market conditions). A front-running bot can detect the pending purchase and manipulate the price before the user's transaction is executed.

Scenario:

  1. User submits a transaction to buy 100 ZENO tokens at a price of 100 USDC per token.

  2. Before the transaction is confirmed, an attacker detects it and places a small buy order, increasing the price to 120 USDC per token.

  3. The user's transaction executes at the higher price, costing them more than expected.

The Auction contract exposes getPrice so a user can check the price beforehand, but a malicious user can still change the price right after the user sends the tx to buy ZENO tokens and front-run it.

Test:

it("should revert if price changes unfavorably due to slippage", async function () {
  const initialPrice = await auction.getPrice();
  // Simulate a front-run: move the price up before the buyer's tx is mined.
  // mockPriceUpdate is a test hook on the mock contract; getPrice() returns a bigint under ethers v6.
  await auction.mockPriceUpdate(initialPrice + 20n);
  // The buyer passes the price they saw as maxPrice; the guard must reject the inflated price.
  await expect(auction.connect(buyer).buy(10, initialPrice)).to.be.revertedWith("Price too high");
});

Output:

Error: Transaction reverted: Price too high

Impact

  • Users may end up overpaying for tokens due to price manipulation.

  • Front-running bots can take advantage of price changes, leading to unfair auctions.

  • If the user's wallet holds exactly the amount they intend to spend in buy and an attacker (or any regular user) inflates the price, the tx will revert.

Tools Used

Manual review.

Recommendations

Implement a slippage tolerance mechanism where the user specifies a maximum acceptable price:

function buy(uint256 amount, uint256 maxPrice) external whenActive {
    uint256 price = getPrice();
    require(price <= maxPrice, "Price too high"); // buyer-supplied upper bound per token
    uint256 cost = price * amount;
    require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
}
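The following contract is an added example, not the project's Auction contract, showing the vulnerable buy shape from the Vulnerability Details section beside the hardened version from the recommendation above. It goes slightly beyond the recommendation by also taking a deadline, the other half of standard slippage protection. The price model (startPrice rising by priceIncreasePerMinute), the IERC20 interface, the constructor parameters and the custom errors are assumptions for the example; usdc, businessAddress, getPrice and whenActive are the names used on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal USDC-like interface (assumed; only transferFrom is needed here).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// @notice Illustrative auction with a time-dependent price. Not the project's code;
///         the price model and parameter names are assumptions for this example.
contract SlippageGuardedAuction {
    IERC20 public immutable usdc;
    address public immutable businessAddress;
    uint256 public immutable startTime;
    uint256 public immutable endTime;
    uint256 public immutable startPrice;             // USDC (6 decimals) per token at startTime
    uint256 public immutable priceIncreasePerMinute; // linear increase per elapsed minute

    mapping(address => uint256) public purchased;

    error AuctionNotActive();
    error Expired(uint256 deadline, uint256 nowTs);
    error PriceTooHigh(uint256 current, uint256 maxAccepted);
    error TransferFailed();

    modifier whenActive() {
        if (block.timestamp < startTime || block.timestamp > endTime) revert AuctionNotActive();
        _;
    }

    constructor(
        IERC20 usdc_,
        address businessAddress_,
        uint256 startTime_,
        uint256 endTime_,
        uint256 startPrice_,
        uint256 priceIncreasePerMinute_
    ) {
        usdc = usdc_;
        businessAddress = businessAddress_;
        startTime = startTime_;
        endTime = endTime_;
        startPrice = startPrice_;
        priceIncreasePerMinute = priceIncreasePerMinute_;
    }

    /// @notice Price depends on block.timestamp, so a buyer who reads it off-chain
    ///         cannot know the exact value their transaction will execute at.
    function getPrice() public view returns (uint256) {
        if (block.timestamp <= startTime) return startPrice;
        uint256 elapsedMinutes = (block.timestamp - startTime) / 60;
        return startPrice + elapsedMinutes * priceIncreasePerMinute;
    }

    /// @dev The shape the report flags: whatever getPrice() returns at execution
    ///      time is charged, with no bound the buyer agreed to.
    function buyUnprotected(uint256 amount) external whenActive {
        uint256 cost = getPrice() * amount;
        if (!usdc.transferFrom(msg.sender, businessAddress, cost)) revert TransferFailed();
        purchased[msg.sender] += amount;
    }

    /// @dev Hardened version: the buyer commits to a maximum price per token and a
    ///      deadline. If the price moves past maxPrice before inclusion, the call
    ///      reverts with a clear error instead of overpaying, and instead of failing
    ///      opaquely inside transferFrom when the buyer's balance no longer covers the cost.
    function buy(uint256 amount, uint256 maxPrice, uint256 deadline) external whenActive {
        if (block.timestamp > deadline) revert Expired(deadline, block.timestamp);
        uint256 price = getPrice();
        if (price > maxPrice) revert PriceTooHigh(price, maxPrice);
        uint256 cost = price * amount;
        if (!usdc.transferFrom(msg.sender, businessAddress, cost)) revert TransferFailed();
        purchased[msg.sender] += amount;
    }
}
```

A front end would read getPrice() and submit buy(amount, observedPrice + tolerance, block.timestamp + a few minutes). Any price move beyond the tolerance then produces a deterministic PriceTooHigh revert that a test can assert on, rather than a silent overpayment or a "Transfer failed" caused by an insufficient balance, which is the DoS case described under Impact.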
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
