The configurePass function lets the organizer change pass prices at any time with no protection against front-running. When the organizer submits a price increase, anyone watching the mempool can see the pending transaction and front-run it, buying passes at the old, lower price before the price-change transaction is mined.
1. The organizer calls configurePass(GENERAL_PASS, 0.1 ether, 5000) to raise the price from 0.05 ETH to 0.1 ETH.
2. The attacker observes this transaction in the mempool.
3. The attacker immediately submits buyPass(GENERAL_PASS) with 0.05 ETH (the old price) and a higher gas price.
4. The attacker's transaction executes first, and they buy the pass for 0.05 ETH.
5. The organizer's transaction then executes, setting the new price to 0.1 ETH.
6. The protocol loses the 0.05 ETH price difference.
- Financial loss for the protocol on every price increase.
- Loss of pricing control and predictability.
Use a commit-reveal scheme to hide price-change intentions.
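As an added illustration of that recommendation (not code from the audited project), here is a commit-reveal variant of configurePass. The Pass layout, the buyPass and organizer names are assumed from this finding; pausing sales of a pass while its commitment is pending is an assumption added here so that the reveal transaction, which does expose the new price, cannot itself be front-run.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. Pass, passes, buyPass and
// organizer are assumed from the finding; the pause-on-commit rule is an assumption
// added so that no purchase can land between commit and reveal.
contract PassSaleCommitReveal {
    struct Pass { uint256 price; uint256 supply; uint256 sold; }

    address public immutable organizer;
    mapping(uint256 => Pass) public passes;
    // Pending commitment per pass; non-zero means sales of that pass are paused.
    mapping(uint256 => bytes32) public pendingConfig;

    event ConfigCommitted(uint256 indexed passId, bytes32 commitment);
    event ConfigRevealed(uint256 indexed passId, uint256 price, uint256 supply);

    modifier onlyOrganizer() { require(msg.sender == organizer, "not organizer"); _; }

    constructor() { organizer = msg.sender; }

    // Step 1: publish only keccak256(abi.encode(passId, price, supply, salt)),
    // computed off-chain with a random salt. The mempool sees that a change is
    // pending for passId, but not whether the price goes up or down.
    function commitPassConfig(uint256 passId, bytes32 commitment) external onlyOrganizer {
        require(commitment != bytes32(0), "empty commitment");
        require(pendingConfig[passId] == bytes32(0), "change already pending");
        pendingConfig[passId] = commitment;
        emit ConfigCommitted(passId, commitment);
    }

    // Step 2: reveal the preimage. Because buyPass is blocked while a commitment
    // is pending, nobody can buy at the old price once the new one becomes visible.
    function revealPassConfig(uint256 passId, uint256 price, uint256 supply, bytes32 salt) external onlyOrganizer {
        bytes32 expected = keccak256(abi.encode(passId, price, supply, salt));
        require(pendingConfig[passId] == expected, "bad reveal");
        delete pendingConfig[passId];
        passes[passId].price = price;
        passes[passId].supply = supply;
        emit ConfigRevealed(passId, price, supply);
    }

    function buyPass(uint256 passId) external payable {
        require(pendingConfig[passId] == bytes32(0), "sales paused: config change pending");
        Pass storage p = passes[passId];
        require(p.price != 0 && p.sold < p.supply, "not for sale");
        require(msg.value == p.price, "wrong payment");
        p.sold += 1;
    }
}
```

A watcher can still try to buy ahead of the commit transaction, but since the commitment hides the direction and size of the change, that is a blind gamble rather than a guaranteed gain; the organizer should also keep the commit-to-reveal window short so honest buyers are not locked out for long.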