code-423n4 / 2023-05-ajna-findings

2 stars 0 forks source link

`PositionManager.sol` contract LP may be front-running redeemed when trades NFT #343

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/PositionManager.sol#L352

Vulnerability details

Impact

PositionManager.sol contract LP may be front-running redeemed when trades NFT

Proof of Concept

Bob is ready to buy Alias' NFT and initiates the transaction
Alias front-run reedemPositions function to redeem LP
Bob completes the transaction and gets an empty NFT

Tools Used

Manual review

Recommended Mitigation Steps

It is recommended to check LP when trading NFT

Assessed type

ERC721

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid