Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

Front-Running Vulnerability in Block Hash Commit Pattern

hamadiftikhar

Summary

The IBlockHashRetain.vyi interface's commit pattern is vulnerable to front-running attacks, violating which requires proper commit-reveal schemes for actions visible in the mempool.

Vulnerability Details

The current implementation exposes the commit operation without any protection:

@external

def commit() -> uint256:

"""

@notice Commit (and apply) a block hash/state root.

@dev Same as `apply()` but saves committer

"""

...

event CommitBlockHash:

committer: indexed(address)

number: indexed(uint256)

hash: bytes32

An attacker can:

Monitor the mempool for commit() transactions
Front-run with their own commit using higher gas
Manipulate the block hash retention process

Impact

Malicious actors can front-run legitimate commits
Disruption of oracle block hash data
Potential manipulation of dependent protocols
Loss of commit operation integrity

Tools Used

Manual Review

Recommendations

Implement proper commit-reveal scheme:

@external

def commit(_hash_commitment: bytes32): # Hash of (block_number, secret)

"""

@notice First phase of commit-reveal scheme

@param _hash_commitment Hashed commitment data

"""

self.commitments[msg.sender] = _hash_commitment

self.commitment_timestamps[msg.sender] = block.timestamp

@external

def reveal(_block_number: uint256, _secret: bytes32):

"""

@notice Second phase of commit-reveal scheme

@param _block_number Original block number

@param _secret Secret used in commitment

"""

commitment: bytes32 = keccak256(

concat(

convert(_block_number, bytes32),

_secret

)

assert self.commitments[msg.sender] == commitment, "Invalid reveal"

assert block.timestamp > self.commitment_timestamps[msg.sender], "Too early"

Updates

Lead Judging Commences

0xnevi Lead Judge

6 months ago

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.