OrderBook

First Flight #43

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

Front-Running Vulnerability in Order Amendment Process

sayemsec

Root + Impact

Description

Describe the normal behavior in one or more sentences
Explain the specific issue or problem in one or more sentences

The OrderBook contract allows sellers to modify existing orders through the amendSellOrder() function without any temporal restrictions or anti-MEV protections. The normal behavior should provide fair trading conditions where buyers can execute orders at the advertised price without interference. However, malicious sellers can monitor the mempool for incoming buyOrder() transactions and front-run them by quickly amending their orders to increase prices, decrease amounts, or modify deadlines, effectively extracting additional value from unsuspecting buyers.

Risk

Likelihood:

MEV bots and sophisticated traders actively monitor mempool activity for profitable opportunities in DeFi protocols

The amendment function has no cooldown period, allowing immediate modifications when profitable buy orders are detected

Gas price manipulation allows attackers to ensure their amendment transactions are prioritized over buyer transactions

Impact:

Buyers pay significantly more than the originally advertised price due to last-minute price increases

Transaction failures waste gas costs for legitimate buyers attempting to purchase at fair market prices

Systematic erosion of user trust in the platform's fairness and reliability

Creation of MEV opportunities that favor sophisticated actors over retail users

Risk

Likelihood:

Reason 1 // Describe WHEN this will occur (avoid using "if" statements)
Reason 2

Impact:

Impact 1
Impact 2

Proof of Concept

// Attack scenario demonstration

contract FrontRunningAttack {

OrderBook orderBook;

function demonstrateAttack() external {

// 1. Seller creates attractive order: 1 ETH for 2000 USDC

uint256 orderId = orderBook.createSellOrder(

address(weth),

1 ether,

2000e6, // 2000 USDC

1 days

);

// 2. Buyer sees good price, submits buyOrder() transaction

// 3. Attacker detects buyOrder() in mempool

// 4. Attacker front-runs with higher gas price

orderBook.amendSellOrder(

orderId,

1 ether,

2500e6, // Increased to 2500 USDC (25% higher)

1 days

);

// 5. Buyer's transaction now fails or pays inflated price

}

Recommended Mitigation

Implement a cooldown period for order amendments to prevent immediate modifications:

soliditymapping(uint256 => uint256) public lastAmendmentTime;

uint256 public constant AMENDMENT_COOLDOWN = 300; // 5 minutes

function amendSellOrder(

uint256 _orderId,

uint256 _newAmountToSell,

uint256 _newPriceInUSDC,

uint256 _newDeadlineDuration

) public {

require(

block.timestamp >= lastAmendmentTime[_orderId] + AMENDMENT_COOLDOWN,

"Amendment cooldown period not met"

);

// ... existing validation logic ...

lastAmendmentTime[_orderId] = block.timestamp;

// ... rest of function implementation ...

}

Updates

Lead Judging Commences

yeahchibyke Lead Judge

about 2 months ago

yeahchibyke Lead Judge about 1 month ago

Submission Judgement Published

Invalidated

Reason: Too generic

Rewards breakdown

nSLOC

217

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.