Closed code423n4 closed 2 years ago
this is intentional
There is no risk in having someone else create the basket, finding is invalid
Handle
goatbug
Vulnerability details
Impact
Anyone can front run and create your basket, circumventing paying any initial fees.
Proof of Concept
Once proposeBasketLicense is called, anyone can subsequently call createBasket using that ID.
(Factory contract)
By calling it first you will avoid paying any fees.
This is also annoying for the person having their basket front run.
Tools Used
Recommended Mitigation Steps
Simply require that only the proposer can call createBasket.