The Factory.createNewExchange allows only a single exchange to exist for any (base, quote) pair.
The function also allows setting a name for this unique exchange.
An attacker can frontrun the createNewExchange call and create an exchange for the same pair but with a different name.
They can choose stupid/offensive names which can make the pair look untrustworthy.
Recommended Mitigation Steps
Disallow choosing the name.
Deterministically create the name and symbol by combining the base and quote token pair's name() and symbol().
0xean
commented
2 years ago
Handle
cmichel
Vulnerability details
The
Factory.createNewExchangeallows only a single exchange to exist for any (base, quote) pair. The function also allows setting a name for this unique exchange. An attacker can frontrun thecreateNewExchangecall and create an exchange for the same pair but with a different name.They can choose stupid/offensive names which can make the pair look untrustworthy.
Recommended Mitigation Steps
Disallow choosing the name. Deterministically create the name and symbol by combining the base and quote token pair's
name()andsymbol().