code-423n4 / 2022-03-rolla-findings


Option create can be denied #10

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-03-rolla/blob/main/quant-protocol/contracts/options/OptionsFactory.sol#L63-L130

Vulnerability details

Proof of Concept

A griefer can frontrun a user's createOption call, and the user's tx will revert.

https://github.com/code-423n4/2022-03-rolla/blob/main/quant-protocol/contracts/options/OptionsFactory.sol#L63-L130

This line will revert because of this

Recommended Mitigation Steps

One gas-efficient way to prevent this is to mix msg.sender into the salt.

quantizations commented 2 years ago

This is a feature. We only want a single token to represent 1 option not many tokens. Unreasonable to grief as it costs 3m gas for this function and the other user will still achieve what they want (option creation).

itsmetechjay commented 2 years ago

Warden wuwe1 wants to withdraw finding.
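
The salt trade-off raised in the recommendation and in the sponsor's reply, as an added example that is not part of the original issue and is not Rolla's code. It assumes the factory deploys with CREATE2; `OptionToken`, `SaltDemoFactory` and the strike/expiry parameters are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the option token; not Rolla's token contract.
contract OptionToken {
    uint256 public immutable strike;
    uint256 public immutable expiry;
    constructor(uint256 _strike, uint256 _expiry) {
        strike = _strike;
        expiry = _expiry;
    }
}

// Hypothetical factory showing both salt choices; not OptionsFactory.sol.
contract SaltDemoFactory {
    // Salt from option parameters only: one address per option, whoever deploys.
    function sharedSalt(uint256 strike, uint256 expiry) public pure returns (bytes32) {
        return keccak256(abi.encode(strike, expiry));
    }

    // Salt mixed with the caller: one address per (caller, option) pair.
    function perCallerSalt(address caller, uint256 strike, uint256 expiry) public pure returns (bytes32) {
        return keccak256(abi.encode(caller, strike, expiry));
    }

    // CREATE2 address: last 20 bytes of keccak256(0xff ++ factory ++ salt ++ keccak256(initCode)).
    function predict(bytes32 salt, uint256 strike, uint256 expiry) public view returns (address) {
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(OptionToken).creationCode, abi.encode(strike, expiry))
        );
        return address(uint160(uint256(keccak256(
            abi.encodePacked(bytes1(0xff), address(this), salt, initCodeHash)
        ))));
    }

    // Shared salt: a second call with the same parameters reverts, because
    // CREATE2 cannot deploy to an address that already holds code.
    function createShared(uint256 strike, uint256 expiry) external returns (address) {
        return address(new OptionToken{salt: sharedSalt(strike, expiry)}(strike, expiry));
    }

    // Per-caller salt: no collision across callers, but the same option
    // can now exist as several distinct tokens, one per creator.
    function createPerCaller(uint256 strike, uint256 expiry) external returns (address) {
        return address(new OptionToken{salt: perCallerSalt(msg.sender, strike, expiry)}(strike, expiry));
    }
}
```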