code-423n4 / 2023-04-eigenlayer-findings


Frontrunning `initialize` function allows an attacker to change contract owners #82

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/pods/DelayedWithdrawalRouter.sol#L49

Vulnerability details

Impact

An attacker can watch the mempool and frontrun the `initialize` function by providing more transaction gas fees. Doing this, the attacker can make himself the owner of the contract and set malicious delay limits.

Proof of Concept

https://github.com/code-423n4/2023-04-eigenlayer/blob/main/src/contracts/pods/DelayedWithdrawalRouter.sol#L49

Tools Used

Manual review
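The general mitigation for the class of issue this report describes, as an added example that is not part of the original report and is not EigenLayer's code: the initializer is locked on the implementation and is called inside the proxy constructor, so deployment and initialization cannot be separated by a third-party transaction. `ExampleRouter`, `ExampleProxy`, `withdrawalDelayBlocks` and the parameter names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.12;

// Hypothetical contract for illustration; NOT the EigenLayer DelayedWithdrawalRouter.
contract ExampleRouter {
    address public owner;
    uint256 public withdrawalDelayBlocks;
    bool private _initialized;

    // Locks the implementation's own storage so the logic contract
    // can never be initialized directly.
    constructor() { _initialized = true; }

    // One-shot initializer: on a fresh proxy, the first caller chooses the owner.
    // Sent as a separate transaction after deployment, it is open to anyone;
    // the proxy below closes that window.
    function initialize(address initialOwner, uint256 delayBlocks) external {
        require(!_initialized, "already initialized");
        _initialized = true;
        owner = initialOwner;
        withdrawalDelayBlocks = delayBlocks;
    }
}

// Minimal EIP-1967 proxy that runs initialize() inside its constructor, so
// deployment and initialization are a single atomic transaction.
contract ExampleProxy {
    // bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)
    bytes32 private constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    constructor(address implementation, bytes memory initData) {
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, implementation) }
        (bool ok, ) = implementation.delegatecall(initData);
        require(ok, "initialize failed");
    }

    fallback() external {
        bytes32 slot = IMPL_SLOT;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), sload(slot), 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}
```

A deployer would pass `abi.encodeCall(ExampleRouter.initialize, (initialOwner, delayBlocks))` as `initData`; a second call to `initialize` through the proxy then reverts with "already initialized".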

0xSorryNotSorry commented 1 year ago

OOS --> [L‑06] Upgradeable contract not initialized

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Out of scope