SamSteinGG
commented
2 years ago This is not a front-running protection, this is meant to ensure fair block space usage that can still be incentivized via MEV if desired so.
Closed code423n4 closed 2 years ago
SamSteinGG
commented
2 years ago This is not a front-running protection, this is meant to ensure fair block space usage that can still be incentivized via MEV if desired so.
alcueca
commented
2 years ago Dispute accepted
Handle
TomFrench
Vulnerability details
Impact
Gas costs for an ineffective frontrunning protection
Proof of Concept
BasePool and BasePoolV2 make use of a
validateGasmodifier on swaps which checks that the user's gas price is between the basefee and the value returned by_FAST_GAS_ORACLE.https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex/utils/GasThrottle.sol#L9-L20
This is an ineffective check as flashbots allows frontrunners to evade this check in 99% of cases (only failing in the case of a stale oracle.)
Recommended Mitigation Steps
Remove GasThrottle.sol