Front-Running Combined with Malicious Replacement Contract
Severity
High Risk
Summary
Front-Running Combined with Malicious Replacement Contract
Vulnerability Details
An attacker could front-run the contract creation by deploying a malicious contract at the predicted address before the legitimate escrow contract is deployed.
Once the malicious contract is in place, the attacker could manipulate the contract's behaviour to misappropriate funds. For example, the malicious contract could be designed to transfer any funds it receives to the attacker's address.
Impact
The impact of this attack could be substantial, as it could potentially result in the loss of all funds intended for the escrow contract. The extent of the impact would depend on the value of the transactions being processed.
Tools Used
Manual Review
Recommendations
This attack could potentially be mitigated by using a private RPC like Flashbots.