RebateFi Hook

First Flight #53
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

Front-running Fee Changes

Description

  • Fee changes in the `ChangeFee` function are immediately executable, creating MEV (Miner Extractable Value) opportunities where sophisticated traders can front-run fee change transactions to gain economic advantages.

```solidity
function ChangeFee(bool _isBuyFee, uint24 _buyFee, bool _isSellFee, uint24 _sellFee) external onlyOwner {
@>  if(_isBuyFee) buyFee = _buyFee;    // Immediate execution
@>  if(_isSellFee) sellFee = _sellFee; // No timelock or delay
}
```

Risk

Impact:

  • Sophisticated traders can front-run fee changes for profit. This creates the perception of an unfair trading environment in which users pay unexpectedly high fees without warning, and fee changes create predictable MEV opportunities.

Proof of Concept

```solidity
function test_FrontRunningFeeChanges() public {
    uint24 originalSellFee = rebateHook.sellFee();
    rebateHook.ChangeFee(false, 0, true, 5000); // Increase sell fee to 50%
    (uint24 buyFee, uint24 sellFee) = rebateHook.getFeeConfig();
    assertEq(sellFee, 5000);
}
```

Recommended Mitigation

  • Implement timelocks for fee changes to prevent front-running.

  • Implement graduated fee changes to reduce MEV impact.

  • Provide fee change notifications to users.

  • Consider governance mechanisms for major fee changes.
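
The timelock and notification mitigations listed above, sketched as a two-step queue/execute flow. This is an added example, not code from the submission or from the RebateFi Hook project; the contract name, `FEE_CHANGE_DELAY`, the two-day value, the `PendingFees` struct and all function and event names other than `buyFee`/`sellFee` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: every name except buyFee/sellFee is hypothetical.
contract TimelockedFees {
    uint256 public constant FEE_CHANGE_DELAY = 2 days; // assumed delay
    address public immutable owner;
    uint24 public buyFee;
    uint24 public sellFee;

    struct PendingFees { uint24 buyFee; uint24 sellFee; uint64 eta; }
    PendingFees public pending; // eta == 0 means nothing is queued

    event FeeChangeQueued(uint24 buyFee, uint24 sellFee, uint64 eta);
    event FeeChangeApplied(uint24 buyFee, uint24 sellFee);
    event FeeChangeCancelled();
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint24 _buyFee, uint24 _sellFee) {
        owner = msg.sender;
        buyFee = _buyFee;
        sellFee = _sellFee;
    }

    // Step 1: announce the new values on-chain; the live fees do not change yet.
    function queueFeeChange(uint24 _buyFee, uint24 _sellFee) external onlyOwner {
        uint64 eta = uint64(block.timestamp + FEE_CHANGE_DELAY);
        pending = PendingFees(_buyFee, _sellFee, eta);
        emit FeeChangeQueued(_buyFee, _sellFee, eta);
    }

    // Step 2: apply the queued values only after the delay has elapsed.
    function executeFeeChange() external onlyOwner {
        PendingFees memory p = pending;
        require(p.eta != 0, "nothing queued");
        require(block.timestamp >= p.eta, "delay not elapsed");
        delete pending;
        buyFee = p.buyFee;
        sellFee = p.sellFee;
        emit FeeChangeApplied(p.buyFee, p.sellFee);
    }

    function cancelFeeChange() external onlyOwner {
        delete pending;
        emit FeeChangeCancelled();
    }
}
```

The `FeeChangeQueued` event gives off-chain tooling a fixed `eta` to surface to users before the new fees take effect.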

Updates

Lead Judging Commences

chaossr Lead Judge 12 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
