Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`Auction#buy()` function lacks slippage protection, so an attacker can manipulate the price before a transaction is executed, leading to unfair pricing for the buyer

safdie

Summary

The buy function in the Auction contract lacks slippage protection, exposing users to potential overpayment due to price fluctuations. This issue enables front-running attacks where an attacker can manipulate the price before a transaction is executed, leading to unfair pricing for the buyer an DoS.

Vulnerability Details

The following code snippet highlights the vulnerability:

uint256 price = getPrice();

uint256 cost = price * amount;

require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");

The function fetches the current price from getPrice(), but since getPrice() is time-dependent, the price may change within the same block due to network congestion or market conditions. A front-running bot can detect a purchase and manipulate the price before the user's transaction is executed.

Scenario:

User submits a transaction to buy 100 ZENO tokens at a price of 100 USDC per token.
Before the transaction is confirmed, an attacker detects it and places a small buy order, increasing the price to 120 USDC per token.
The user's transaction executes at the higher price, costing them more than expected.

In Auctioncontract we have function getPricewhere user can check price, but anyway malitious user can change price exactly after user send tx to buy ZENO tokens and front-run it.

Test:

it("should revert if price changes unfavorably due to slippage", async function () {

const initialPrice = await auction.getPrice();

// Simulate front-running attack by changing the price

await auction.mockPriceUpdate(initialPrice + 20);

await expect(auction.buy(10, { from: buyer })).to.be.revertedWith("Price too high");

});

Output:

Error: Transaction reverted: Price too high

Impact

Users may end up overpaying for tokens due to price manipulation.
Front-running bots can take advantage of price changes, leading to unfair auctions.
If the user on his wallet has the same amount as he send to function buyand the attacker or regular user inflates the price, tx will revert.

Tools Used

Manual review.

Recommendations

Implement a slippage tolerance mechanism where the user specifies a maximum acceptable price:

function buy(uint256 amount, uint256 maxPrice) external whenActive {

uint256 price = getPrice();

require(price <= maxPrice, "Price too high");

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.