The buyOrder() function is vulnerable to front-running attacks where malicious sellers can monitor the mempool for incoming buy transactions and modify their order prices at the last moment, potentially extracting additional value from buyers.
The buyOrder(uint256 _orderId) function only requires an orderId parameter and executes the trade at whatever price is currently set in the order. This design allows sellers to modify their order prices via the amendSellOrder() function right before a buyer's transaction is mined.
Likelihood: High
This can happen on any buyOrder() call: the mempool is publicly visible and the order book is a public contract, so anyone can observe both pending buy transactions and the current state of every order.
Impact: High
Buyers may pay significantly more than the originally advertised price
Attackers can extract additional value through price and amount manipulation
Market participants lose trust in the order book's price discovery mechanism
Users cannot rely on displayed prices and values when placing orders
Potential for MEV extraction by sophisticated attackers
1. Attacker creates an attractive sell order
2. Attacker monitors the mempool for buy transactions targeting that order
3. User accepts the order and calls buyOrder()
4. Attacker submits amendSellOrder() with a higher gas price so it is mined first, front-running the user's transaction
5. User's buyOrder() executes against the amended order, paying the new price for the new amount chosen by the attacker
1. Price Commitment Mechanism
Implement a commitment-based system where buyers pass the maximum price they are willing to pay and the minimum amount they are willing to receive, and buyOrder() reverts if the order no longer satisfies those bounds.
(Optionally consider allowing only the price to be changed, not the amount, to make verification and buying easier.)
2. Order Hash Verification
Use cryptographic commitments: the buyer passes a hash of the order state they saw off-chain, and buyOrder() reverts if the on-chain order no longer matches it.
3. Remove the amendSellOrder function
If a user wants to modify the order, they can cancel and create a new order.
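The following contract is an added illustration of recommendations 1 and 2 together, not code from the audited project; the contract name, the internal asset ledger and the field names are assumptions, and amendSellOrder() is omitted in line with recommendation 3.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical order book showing buyer-side commitments. The asset is an
/// internal ledger so the example is self-contained; a real contract would
/// move an ERC20 instead.
contract CommittedOrderBook {
    struct Order { address seller; uint256 amount; uint256 price; bool active; }

    mapping(uint256 => Order) public sellOrders;
    mapping(address => uint256) public assetBalance; // constructed asset ledger
    uint256 public nextOrderId;

    function createSellOrder(uint256 _amount, uint256 _price) external returns (uint256 id) {
        require(assetBalance[msg.sender] >= _amount, "insufficient asset");
        assetBalance[msg.sender] -= _amount;            // escrow the offered asset
        id = nextOrderId++;
        sellOrders[id] = Order(msg.sender, _amount, _price, true);
    }

    /// Mitigation 2: hash of the exact order state the buyer observed off-chain.
    function orderHash(uint256 _orderId) public view returns (bytes32) {
        Order storage o = sellOrders[_orderId];
        return keccak256(abi.encode(_orderId, o.seller, o.amount, o.price));
    }

    /// Mitigation 1: the buyer supplies bounds. If a seller front-runs with an
    /// amendment that raises price above _maxPrice or lowers amount below
    /// _minAmount, the purchase reverts instead of filling on the new terms.
    /// Mitigation 2: a non-zero _expectedHash pins the order state exactly.
    function buyOrder(uint256 _orderId, uint256 _maxPrice, uint256 _minAmount, bytes32 _expectedHash)
        external payable
    {
        Order storage o = sellOrders[_orderId];
        require(o.active, "inactive order");
        require(o.price <= _maxPrice, "price above commitment");
        require(o.amount >= _minAmount, "amount below commitment");
        if (_expectedHash != bytes32(0)) {
            require(orderHash(_orderId) == _expectedHash, "order changed");
        }
        uint256 cost = o.amount * o.price;               // checked arithmetic in 0.8
        require(msg.value == cost, "wrong payment");
        o.active = false;                                 // effects before interactions
        assetBalance[msg.sender] += o.amount;
        (bool ok, ) = o.seller.call{value: cost}("");
        require(ok, "payment failed");
    }
}
```

A front-end would compute orderHash() from the displayed order and pass it along with the displayed price and amount, so any amendment mined between display and execution causes a revert rather than a fill.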
A malicious seller can front-run a buy order against their own order and decrease the amount of assets to be sold. If the price is unchanged, the buy transaction still succeeds, but the buyer receives a smaller amount than expected.