code-423n4 / 2022-05-factorydao-findings


Creator of the contract could front run tax per capita to 100% of Yield rewards #262

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/PermissionlessBasicPoolFactory.sol#L316

Vulnerability details

Impact

Contract creator could steal all rewards using frontrunning

Proof of Concept

When a yield pool is created, the pool tax is set equal to the global tax, and funds are sent into the contract to pay for rewards. The contract creator could set the tax to 100% in a transaction frontrunning a pool creation. He will then get all rewards distributed by that pool.

Tools Used

Recommended Mitigation Steps

Add a maximum global tax so it can't reach 100%. Also, frontrunning protection can be added. When a pool is created, the creator could input the accepted tax as calldata. If the accepted tax isn't equal to the actual tax (for example, because of frontrunning), pool creation should revert.
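
The two mitigations recommended above, as an added sketch that is not part of the original report and not FactoryDAO's code. The contract name, function names, basis-point units and the 10% cap are all assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

/// Added illustration only; names, units and the cap value are assumptions.
contract TaxGuardedPoolFactory {
    uint256 public constant TAX_DENOMINATOR = 10_000; // assumed unit: basis points
    uint256 public constant MAX_GLOBAL_TAX = 1_000;   // assumed hard cap: 10%

    address public immutable owner;
    uint256 public globalTax; // applied to pools created from now on
    uint256 public numPools;
    mapping(uint256 => uint256) public poolTax; // tax fixed per pool at creation

    error NotOwner();
    error TaxAboveCap(uint256 requested, uint256 cap);
    error UnexpectedTax(uint256 accepted, uint256 actual);

    event GlobalTaxChanged(uint256 oldTax, uint256 newTax);
    event PoolAdded(uint256 indexed poolId, address indexed creator, uint256 tax);

    constructor(uint256 initialTax) {
        if (initialTax > MAX_GLOBAL_TAX) revert TaxAboveCap(initialTax, MAX_GLOBAL_TAX);
        owner = msg.sender;
        globalTax = initialTax;
    }

    // Mitigation 1: the owner can never raise the tax past the cap.
    function setGlobalTax(uint256 newTax) external {
        if (msg.sender != owner) revert NotOwner();
        if (newTax > MAX_GLOBAL_TAX) revert TaxAboveCap(newTax, MAX_GLOBAL_TAX);
        emit GlobalTaxChanged(globalTax, newTax);
        globalTax = newTax;
    }

    // Mitigation 2: the pool creator passes the tax they accepted; a tax change
    // mined between signing and execution makes pool creation revert.
    function addPool(uint256 acceptedTax) external returns (uint256 poolId) {
        uint256 actual = globalTax;
        if (acceptedTax != actual) revert UnexpectedTax(acceptedTax, actual);
        poolId = ++numPools;
        poolTax[poolId] = actual;
        emit PoolAdded(poolId, msg.sender, actual);
        // Reward funding is omitted; a revert above means no funds move.
    }

    // Portion of a reward amount withheld as tax for a given pool.
    function taxOn(uint256 poolId, uint256 reward) external view returns (uint256) {
        return (reward * poolTax[poolId]) / TAX_DENOMINATOR;
    }
}
```

The cap bounds the worst case even when a creator accepts the current tax, and the `GlobalTaxChanged` event gives monitors a signal to alert on tax changes that land shortly before pool creations.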

illuzen commented 2 years ago

Duplicate #16

itsmetechjay commented 2 years ago

Re-closing as this is a duplicate.

gititGoro commented 2 years ago

Duplicate of #56