code-423n4 / 2021-09-defiprotocol-findings

Front running basket Creation #244

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

goatbug

Vulnerability details

Impact

Anyone can front run and create your basket, circumventing paying any initial fees.

Proof of Concept

Once proposeBasketLicense is called, anyone can subsequently call createBasket using that ID.

(Factory contract)

By calling it first you will avoid paying any fees.

This is also annoying for the person having their basket front run.

Tools Used

Recommended Mitigation Steps

Simply require that only the proposer can call createBasket.

frank-beard commented 3 years ago

This is intentional.

GalloDaSballo commented 2 years ago

There is no risk in having someone else create the basket; finding is invalid.