code-423n4 / 2021-04-meebits-findings


cancelOffer() is susceptible to front-running #60

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

cancelOffer() is susceptible to front-running: a taker monitors the mempool for an upcoming cancelOffer() transaction from the maker and front-runs it to accept the offer, anticipating a profit from a mistake or a low price, which might be the very reason the maker is trying to cancel the offer.

Proof of Concept

https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L611-L617

https://github.com/code-423n4/2021-04-redacted/blob/2ec4ce8e98374be2048126485ad8ddacc2d36d2f/Beebots.sol#L619

Tools Used

Manual Analysis

Recommended Mitigation Steps

Evaluate whether this is a concern. Reconsider the design to see if there is a way to commit and reveal a cancellation such that it is not possible to accept a trade once the cancellation is revealed and locked.

dangerousfood commented 3 years ago

Valid commentary, but there is no acceptable strategy to deal with meta-transactions in flight.
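An added illustration of the commit-and-reveal cancellation the finding suggests (example code written for this page; it is not part of the finding, the reply above, or Beebots.sol). The single-step cancelOffer() loses the race because the cancel transaction names the token, so a taker watching the mempool can accept first with a higher gas price. Splitting the cancel into a blinded commit and a later reveal, and making acceptance pending for a fixed number of blocks, lets the contract settle the race by block order instead: a reveal whose commit predates the pending acceptance wins, and an acceptance that predates the commit wins. The contract name, the toy ownership mapping, the pull-payment balances and the DELAY value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical sketch of a commit-reveal cancellation for a fixed-price offer market.
/// Not Beebots.sol: names, the toy ownership mapping and the DELAY value are assumptions.
contract CommitRevealOfferMarket {
    /// Blocks a cancel commitment stays valid and an acceptance stays pending (assumed value).
    uint256 public constant DELAY = 10;

    struct Offer   { address maker; uint256 price; }
    struct Pending { address taker; uint256 price; uint256 acceptedAt; }

    mapping(uint256 => address) public ownerOf;       // toy ownership, stands in for ERC-721
    mapping(uint256 => Offer)   public offers;
    mapping(uint256 => Pending) public pending;
    mapping(bytes32 => uint256) public cancelCommits; // commitment hash => block it was mined in
    mapping(address => uint256) public balances;      // pull payments, so a refund cannot be blocked

    function mint(uint256 tokenId) external {
        require(ownerOf[tokenId] == address(0), "minted");
        ownerOf[tokenId] = msg.sender;
    }

    function offerForSale(uint256 tokenId, uint256 price) external {
        require(ownerOf[tokenId] == msg.sender, "not owner");
        require(pending[tokenId].taker == address(0), "acceptance pending");
        offers[tokenId] = Offer(msg.sender, price);
    }

    /// What the maker hashes. Binding the maker address stops anyone else replaying the commit.
    function cancelCommitment(address maker, uint256 tokenId, bytes32 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(maker, tokenId, salt));
    }

    /// Step 1: only the hash goes on chain, so a mempool watcher cannot tell which offer
    /// is about to be cancelled and has nothing specific to front-run.
    function commitCancel(bytes32 commitment) external {
        require(cancelCommits[commitment] == 0, "already committed");
        cancelCommits[commitment] = block.number;
    }

    /// Step 2: reveal. The commit is already mined, so any acceptOffer() that reacts to this
    /// transaction in the mempool lands in a later block than the commit and loses below.
    function revealCancel(uint256 tokenId, bytes32 salt) external {
        Offer memory o = offers[tokenId];
        require(o.maker == msg.sender, "not maker");
        bytes32 c = cancelCommits[cancelCommitment(msg.sender, tokenId, salt)] == 0
            ? bytes32(0)
            : cancelCommitment(msg.sender, tokenId, salt);
        uint256 committedAt = cancelCommits[c];
        require(committedAt != 0 && committedAt < block.number, "no earlier commit");
        require(block.number <= committedAt + DELAY, "commit expired"); // bounds the maker's free option
        Pending memory p = pending[tokenId];
        if (p.taker != address(0)) {
            require(committedAt < p.acceptedAt, "accepted before commit");
            delete pending[tokenId];
            balances[p.taker] += p.price; // refund the escrowed payment
        }
        delete offers[tokenId];
        delete cancelCommits[c];
    }

    /// Acceptance escrows payment and becomes final only DELAY blocks later; that window is
    /// what gives a maker whose commit predates this block the chance to reveal first.
    function acceptOffer(uint256 tokenId) external payable {
        Offer memory o = offers[tokenId];
        require(o.maker != address(0), "no offer");
        require(pending[tokenId].taker == address(0), "already pending");
        require(msg.value == o.price, "wrong price");
        pending[tokenId] = Pending(msg.sender, msg.value, block.number);
    }

    function finalizeAccept(uint256 tokenId) external {
        Pending memory p = pending[tokenId];
        Offer memory o = offers[tokenId];
        require(p.taker != address(0) && o.maker != address(0), "nothing to finalize");
        require(ownerOf[tokenId] == o.maker, "maker no longer owns token");
        require(block.number >= p.acceptedAt + DELAY, "still pending");
        delete pending[tokenId];
        delete offers[tokenId];
        ownerOf[tokenId] = p.taker;
        balances[o.maker] += p.price;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The timing works because a commit mined at block c can be revealed only in (c, c + DELAY], while an acceptance mined at a > c cannot finalize before a + DELAY, which is later than c + DELAY, so the maker always has time to reveal; an acceptance mined at or before c simply cannot be cancelled. None of this is free, and whether it is acceptable is the design question the thread leaves open: acceptance stops being atomic, the taker's ether sits in escrow for DELAY blocks, a maker who commits holds a DELAY-block option to back out of any acceptance that lands after the commit, and the commit still leaks that some maker is about to cancel something, which for a maker with a single live offer is as good as naming the token.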