Mini Navy Dachshund
Medium
Attackers can front-run claimSignersFor transactions by registering individual signers first through claimSignerFor, causing the batch registration to fail.
function claimSignerFor : https://github.com/sherlock-audit/2024-11-hats-protocol/blob/49de29508904e95b3cfaaf27d2e76c527429c019/hats-zodiac/src/HatsSignerGate.sol#L215 function claimSignersFor : https://github.com/sherlock-audit/2024-11-hats-protocol/blob/49de29508904e95b3cfaaf27d2e76c527429c019/hats-zodiac/src/HatsSignerGate.sol#L227
Attackers can front-run claimSignersFor by calling claimSignerFor.
No response
No response
1.Legitimate user creates a transaction to call claimSignersFor with multiple signers 2.Attacker monitors mempool and sees this transaction 3.Attacker extracts one of the signer addresses and corresponding hat ID from the transaction data 4.Attacker front-runs with a higher gas price, calling claimSignerFor for one of the signers 5.The legitimate user's claimSignersFor transaction executes but reverts because one signer is already registered 6.The entire batch registration fails
The legitimate users cannot execute batch signer registration efficiently. This results in increased gas costs from failed transactions.
No response
No response