According to the provided source code, the user must transfer the underlying asset to the contract prior to calling mint(), or the index token before calling burn(). If these two actions are performed in different blocks, it introduces the risk that someone could frontrun the transaction by calling mint() or burn() immediately after a user transfers tokens to the contract, thereby claiming the user's funds.
Proof of Concept
Due to the fact that the source code provided is incomplete, it is unclear when and how the token is transferred to the contract. However, I chose to submit this issue in case the team is still unaware of it.
Tools Used
None
Recommended Mitigation Steps
It is recommended that the two actions be executed in one transaction to eliminate the frontrun risk.
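The pattern described above and the recommended mitigation, as an added example that is not taken from the Phuture code base. The contract and function names (TwoStepIndex, AtomicMinter, deposit), the mint(address) signature and the 1:1 share accounting are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical minimal interface; only the two calls used below.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Two-step pattern from the report (hypothetical contract): mint() credits
/// whatever balance arrived since the last call to the recipient named by
/// the caller, so the credit goes to whoever calls mint() first.
contract TwoStepIndex {
    IERC20 public immutable asset;
    uint256 public accounted;                    // asset balance already credited
    mapping(address => uint256) public shares;

    constructor(IERC20 _asset) { asset = _asset; }

    function mint(address recipient) external {
        uint256 received = asset.balanceOf(address(this)) - accounted;
        require(received > 0, "nothing deposited");
        accounted += received;
        shares[recipient] += received;           // 1:1 for simplicity (assumption)
    }
}

/// Mitigation (hypothetical wrapper): pull the asset and mint inside one
/// transaction, so no other call can run between the transfer and the mint.
contract AtomicMinter {
    IERC20 public immutable asset;
    TwoStepIndex public immutable index;

    constructor(IERC20 _asset, TwoStepIndex _index) {
        asset = _asset;
        index = _index;
    }

    /// Caller must have approved this contract for `amount` beforehand.
    function deposit(uint256 amount) external {
        require(asset.transferFrom(msg.sender, address(index), amount), "transfer failed");
        index.mint(msg.sender);                  // same transaction as the transfer
    }
}
```

The same wrapper shape applies to burn(): transfer the index token and call burn() from one function so the two steps cannot be separated.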
Lines of code
https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/IndexLogic.sol#L31
https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/IndexLogic.sol#L96
https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/BaseIndex.sol#L43
https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/BaseIndex.sol#L59