Handle
pauliax
Vulnerability details
Impact
Anyone can watch the mempool and copy the calldata to replicate the same tx. For example, a frontrunner calculates that replicating this tx will result in a profit: they watch for and copy updateValset to get rewardAmount, submitBatch to get totalFee, or submitLogicCall to get feeAmounts, then instantly sell these tokens on an AMM for profit. This may result in reverted txs, wasted gas, and a poor experience for legitimate users.
Recommended Mitigation Steps
This problem seems insurmountable in this case, but you may want to consider adding restrictions on the callers or introducing other possible prevention techniques.
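To make the pattern concrete, here is an added example that is not the project's code: a minimal relay contract with the copyable-calldata shape described above (the signed message commits only to the payload, and the fee goes to whoever is msg.sender), beside a caller-restricted variant in which the relayer address is part of what the signer commits to. All names (Relay, relayVulnerable, relayBound, signer, owed, feeAmount, the single-signer stand-in for a validator set) are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. A single `signer` stands in
// for the validator set; names below are illustrative assumptions.
contract Relay {
    address public immutable signer;
    uint256 public nonce;
    mapping(address => uint256) public owed; // fee credited to a relayer

    constructor(address _signer) {
        signer = _signer;
    }

    // Copyable pattern: the digest commits to the payload and fee only.
    // Anyone who sees (payload, feeAmount, sig) in the mempool can resubmit
    // it with a higher gas price, become msg.sender and collect the fee.
    // The legitimate relayer's tx then fails the nonce check: gas wasted.
    function relayVulnerable(bytes32 payload, uint256 feeAmount, bytes calldata sig) external {
        bytes32 digest = keccak256(abi.encode(address(this), nonce, payload, feeAmount));
        require(_recover(digest, sig) == signer, "bad sig");
        nonce++;
        owed[msg.sender] += feeAmount;
    }

    // Caller-restricted pattern: the relayer address is inside the signed
    // digest, so a copied tx from any other sender reverts on the first
    // require and the copier gains nothing.
    function relayBound(bytes32 payload, uint256 feeAmount, address relayer, bytes calldata sig) external {
        require(msg.sender == relayer, "not the committed relayer");
        bytes32 digest = keccak256(abi.encode(address(this), nonce, payload, feeAmount, relayer));
        require(_recover(digest, sig) == signer, "bad sig");
        nonce++;
        owed[relayer] += feeAmount;
    }

    // Recovers the signer of an EIP-191 "personal_sign" style digest.
    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad sig length");
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        bytes32 ethDigest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", digest));
        address recovered = ecrecover(ethDigest, v, r, s);
        require(recovered != address(0), "ecrecover failed");
        return recovered;
    }
}
```

The restricted variant changes what the signers commit to (the relayer must be chosen before signing), which is the cost of this kind of mitigation. A weaker option that keeps the signed message unchanged is to credit the fee to a relayer address carried in the calldata rather than to msg.sender; a copier can still land the tx first, but earns nothing from doing so.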