code-423n4 / 2023-05-ajna-findings

`updateBucketExchangeRatesAndClaim()` allows attacker to frontrun calls #328

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L310-L318

Vulnerability details

In RewardsManager.sol, the method `updateBucketExchangeRatesAndClaim()` distributes rewards to the caller for updating the bucket exchange rate. However, this transaction can be front-run by an attacker, allowing them to get the rewards.

Assessed type

MEV

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #373

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory