code-423n4 / 2022-01-trader-joe-findings


Setting the `rocketJoeFactory` address in the `initialize()` can be frontrun by an attacker #253

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Jujic

Vulnerability details

Impact

The function `initialize()` can be called by anyone the first time, which allows an attacker to set the `rocketJoeFactory` address of the contract.

Proof of Concept

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeToken.sol#L25-L32

```solidity
function initialize() external {
    require(
        address(rocketJoeFactory) == address(0),
        "RocketJoeToken: already initialized"
    );

    rocketJoeFactory = IRocketJoeFactory(msg.sender);
}
```

Tools Used

Remix

Recommended Mitigation Steps

Add modifier
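One possible form of the "add modifier" mitigation, as an added example that is not part of the original report or the Trader Joe code base. It assumes the deploying account is the party entitled to set the factory and passes the factory address explicitly; `GuardedInitToken`, `deployer`, `onlyDeployer` and the `factory` parameter are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only. Apart from initialize() and rocketJoeFactory,
// every name here is hypothetical and not taken from the audited project.
interface IRocketJoeFactory {}

contract GuardedInitToken {
    IRocketJoeFactory public rocketJoeFactory;

    // Fixed in the constructor, so a later caller cannot claim this role.
    address private immutable deployer;

    constructor() {
        deployer = msg.sender;
    }

    // Access-control modifier: rejects every caller except the deployer.
    modifier onlyDeployer() {
        require(msg.sender == deployer, "GuardedInitToken: not deployer");
        _;
    }

    /// One-shot initializer. The caller check closes the window in which
    /// any account could run initialize() first; the zero-address check on
    /// the stored value still prevents a second initialization.
    function initialize(IRocketJoeFactory factory) external onlyDeployer {
        require(
            address(rocketJoeFactory) == address(0),
            "GuardedInitToken: already initialized"
        );
        // Refuse the zero address, which would leave the contract looking
        // uninitialized and allow initialize() to be called again.
        require(
            address(factory) != address(0),
            "GuardedInitToken: zero factory"
        );
        rocketJoeFactory = factory;
    }
}
```

With this guard, a call to `initialize()` from any other account reverts regardless of transaction ordering. Setting the factory in the constructor removes the separate initialization step altogether, where the deployment flow allows it.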

cryptofish7 commented 2 years ago

Duplicate of #68

dmvt commented 2 years ago

Duplicate of #8