Cyfrin / solidity-by-example.github.io

Solidity By Example
https://solidity-by-example.org/
MIT License

Fixes for PreventFrontrunning.sol #251

Closed ErbaZZ closed 1 year ago

ErbaZZ commented 1 year ago

This PR resolves two bugs in PreventFrontrunning.sol.

  1. The attacker can attack this smart contract by submitting both commitSolution() and revealSolution() transactions in the same block after seeing the correct solution in the mempool. Solution: The commit 48a0b38ad2217a61ae41f1ecc80dff414cd4506c resolves this by ensuring the commit is done before the current block.
  2. The solution-checking logic is incorrect since the correct solution must have the same hash as stored in the smart contract, not different. (Credits to @jokopopo for this issue) Solution: The commit 63a2e19628750cb4598f9e2a02e67bf1e93d818e resolves this by changing the comparison operator from != to ==.

t4sk commented 1 year ago

@ErbaZZ Thanks for the fix
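
The two checks described in the PR above, shown together in a minimal commit-reveal contract. This is an added example, not the repository's PreventFrontrunning.sol and not code from either commit; the contract name, function names, storage layout and the choice to bind the commit to `msg.sender` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all names here are hypothetical, not the project's.
contract CommitRevealSketch {
    struct Commit {
        bytes32 commitHash; // keccak256(abi.encode(committer, solution, secret))
        uint64 blockNumber; // block in which the commit was mined
        bool revealed;
    }

    bytes32 public immutable solutionHash; // keccak256(bytes(solution)), fixed at deployment
    address public winner;
    mapping(address => Commit) public commits;

    constructor(bytes32 _solutionHash) payable {
        solutionHash = _solutionHash;
    }

    function commit(bytes32 commitHash) external {
        require(winner == address(0), "already solved");
        require(commits[msg.sender].blockNumber == 0, "already committed");
        commits[msg.sender] = Commit(commitHash, uint64(block.number), false);
    }

    function reveal(string calldata solution, string calldata secret) external {
        require(winner == address(0), "already solved");
        Commit storage c = commits[msg.sender];
        require(c.blockNumber != 0, "no commit");
        require(!c.revealed, "already revealed");

        // First fix: the commit must have been mined in an earlier block, so a
        // commit and a reveal placed in the same block are rejected.
        require(c.blockNumber < block.number, "commit must precede reveal block");

        // The commit is bound to the caller; abi.encode (not encodePacked)
        // avoids ambiguous packing of the two dynamic strings.
        require(
            keccak256(abi.encode(msg.sender, solution, secret)) == c.commitHash,
            "reveal does not match commit"
        );

        // Second fix: the revealed solution is correct only when its hash
        // EQUALS the stored hash (==, not !=).
        require(keccak256(bytes(solution)) == solutionHash, "wrong solution");

        c.revealed = true;
        winner = msg.sender;
        (bool ok, ) = msg.sender.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```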