Users can be front-run with higher fees #296
Labels
1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug: Something isn't working
sponsor acknowledged: Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
pedroais
Vulnerability details
Impact
Changing the entry and exit fee on the basket doesn't require a timelock. Users could be front-run with a higher fee before entering a basket. The issue is low risk since there is a max cap of 10% on the fee, so it can't be set to 100%.
Even if this attack could only be made by privileged roles, adding a timelock would make the protocol more trustless.
Proof of Concept
When a user enters a basket with 0 or low fees, his transaction can be front-run. Entry and exit fees could be changed to the max, which is a value the user didn't necessarily agree to.
Recommended Mitigation Steps
Add a timelock to change entry and exit fees.
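A sketch of the recommended mitigation, added here as an example and not taken from the project's code or from the report author: fee changes are queued, announced with an event, and can only be applied after a delay, so a user always joins at a fee that was visible on-chain beforehand. The contract name, function names, the basis-point units and the two-day delay are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only: every name below is hypothetical, not the project's API.
contract TimelockedFees {
    uint256 public constant MAX_FEE_BPS = 1000; // 10% cap from the report (basis points assumed)
    uint256 public constant FEE_DELAY = 2 days; // assumed delay; choose per protocol

    address public immutable owner;
    uint256 public entryFeeBps;
    uint256 public exitFeeBps;

    struct PendingFees { uint256 entryBps; uint256 exitBps; uint256 effectiveAt; }
    PendingFees public pending; // effectiveAt == 0 means nothing is queued

    event FeeChangeQueued(uint256 entryBps, uint256 exitBps, uint256 effectiveAt);
    event FeeChangeApplied(uint256 entryBps, uint256 exitBps);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor() { owner = msg.sender; }

    // Step 1: announce the new fees. Active fees are unchanged, so a pending
    // join or exit in the same block still pays the fee the user saw.
    function queueFeeChange(uint256 newEntryBps, uint256 newExitBps) external onlyOwner {
        require(newEntryBps <= MAX_FEE_BPS && newExitBps <= MAX_FEE_BPS, "fee above cap");
        uint256 effectiveAt = block.timestamp + FEE_DELAY;
        pending = PendingFees(newEntryBps, newExitBps, effectiveAt); // re-queuing restarts the delay
        emit FeeChangeQueued(newEntryBps, newExitBps, effectiveAt);
    }

    // Step 2: the queued values become active only once the delay has elapsed.
    function applyFeeChange() external onlyOwner {
        PendingFees memory p = pending;
        require(p.effectiveAt != 0, "nothing queued");
        require(block.timestamp >= p.effectiveAt, "timelock active");
        entryFeeBps = p.entryBps;
        exitFeeBps = p.exitBps;
        delete pending;
        emit FeeChangeApplied(p.entryBps, p.exitBps);
    }
}
```

Front ends and monitoring can watch `FeeChangeQueued` to show users an upcoming fee before it takes effect.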