OrderBook
First Flight #43
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: high
Invalid

H-05 Seller Front-running with `amendSellOrder` leads to unfair trading for buyers

0x27281m

Root + Impact

Description

Due to the lack of a modification interval in amendSellOrder, sellers can front-run by amending the sell order, increasing the price or reducing the amount before the order is purchased. This leads to unfair trading for buyers.

function amendSellOrder(
uint256 _orderId,
uint256 _newAmountToSell,
uint256 _newPriceInUSDC,
uint256 _newDeadlineDuration
) public {
// Update order details
order.amountToSell = _newAmountToSell;
order.priceInUSDC = _newPriceInUSDC;
order.deadlineTimestamp = newDeadlineTimestamp;
}

Risk

Likelihood:

  • Reason 1: The seller can suddenly increase _newPriceInUSDC before the order is purchased.

Impact:

  • Impact 1: The buyer ends up paying more in protocol fees (protocolFee) and the actual payment (sellerReceives).

Proof of Concept

A malicious user can front-run amendSellOrder by maliciously increasing the PriceInUSDC. This increase will also increase the protocolFee and sellerReceives, causing the buyer to pay higher fees than originally intended.

function test_front_run() public {
// alice creates sell order for wbtc
vm.startPrank(alice);
wbtc.approve(address(book), 2e8);
uint256 aliceId = book.createSellOrder(address(wbtc), 2e8, 1e6, 3 days);
string memory aliceOrderDetails_1 = book.getOrderDetailsString(aliceId);
console2.log(aliceOrderDetails_1);
vm.stopPrank();
vm.warp(block.timestamp + 2 days);
vm.prank(alice);
book.amendSellOrder(aliceId, 1.75e8, 175_000e6, 3 days);
string memory aliceOrderDetails_2 = book.getOrderDetailsString(aliceId);
console2.log(aliceOrderDetails_2);
vm.startPrank(dan);
usdc.approve(address(book), 200_000e6);
book.buyOrder(aliceId); // dan buys alice wbtc order
string memory aliceOrderDetails_3 = book.getOrderDetailsString(aliceId);
console2.log(aliceOrderDetails_3);
}

Output

  1. The buyer originally only needed to pay protocolFee 30000 and sellerReceives 970000.

  2. Now, the buyer needs to pay much higher fees: protocolFee 5250000000 and sellerReceives 169750000000.

[PASS] test_front_run() (gas: 432069)
Logs:
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 200000000 wBTC
Asking Price: 1000000 USDC
Deadline Timestamp: 259201
Status: Active
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 175000000 wBTC
Asking Price: 175000000000 USDC
Deadline Timestamp: 432001
Status: Active
@> protocolFee 5250000000
@> sellerReceives 169750000000
BuyOrder totalFees: 5250000000
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 175000000 wBTC
Asking Price: 175000000000 USDC
Deadline Timestamp: 432001
Status: Inactive (Filled/Cancelled)

Recommended Mitigation

Add a modification time interval to amendSellOrder so that the sell order cannot be amended before a trade is completed.

Updates

Lead Judging Commences

yeahchibyke Lead Judge
12 days ago
yeahchibyke Lead Judge 8 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0x27281m Submitter
8 days ago
yeahchibyke Lead Judge
7 days ago
0x27281m Submitter
7 days ago
yeahchibyke Lead Judge
7 days ago
0x27281m Submitter
7 days ago
yeahchibyke Lead Judge 4 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.