Malicious user can frontrun "createAction" to make action execution revert due to the "_assertNoActionCreationsAtCurrentTimestamp" check
Proof of Concept
function _assertNoActionCreationsAtCurrentTimestamp() internal view {
    if (llamaExecutor == address(0)) return; // Skip check during initialization.
    address llamaCore = LlamaExecutor(llamaExecutor).LLAMA_CORE();
    uint256 lastActionCreation = LlamaCore(llamaCore).getLastActionTimestamp();
    if (lastActionCreation == block.timestamp) revert ActionCreationAtSameTimestamp();
}
When "executeAction" is called to execute an action targeting "setRoleHolder" or "revokePolicy", the call performs the "_assertNoActionCreationsAtCurrentTimestamp" check. A malicious user with permission to create actions could front-run the execution with a "createAction" call, making the execution revert because lastActionCreation would then be equal to block.timestamp.
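The revert condition can be reproduced in isolation to regression-test a fix. This is an added example, not Llama's code: MockCore, MockPolicy and TimestampCheckDemo are hypothetical stand-ins that keep only the timestamp bookkeeping and the check quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for LlamaCore: records when the last action was created.
contract MockCore {
    uint256 private lastActionTimestamp;

    function createAction() external { lastActionTimestamp = block.timestamp; }
    function getLastActionTimestamp() external view returns (uint256) { return lastActionTimestamp; }
}

// Hypothetical stand-in for LlamaPolicy: only the guarded setter is modelled.
contract MockPolicy {
    error ActionCreationAtSameTimestamp();

    MockCore public immutable core;
    mapping(address => bool) public roleHolder;

    constructor(MockCore _core) { core = _core; }

    function setRoleHolder(address who, bool hasRole) external {
        // Same comparison as _assertNoActionCreationsAtCurrentTimestamp.
        if (core.getLastActionTimestamp() == block.timestamp) revert ActionCreationAtSameTimestamp();
        roleHolder[who] = hasRole;
    }
}

contract TimestampCheckDemo {
    MockCore public core = new MockCore();
    MockPolicy public policy = new MockPolicy(core);

    // An action creation ordered before the execution at the same timestamp:
    // the guarded call reverts with ActionCreationAtSameTimestamp, so this returns true.
    function createThenExecute() external returns (bool reverted) {
        core.createAction();
        try policy.setRoleHolder(msg.sender, true) {} catch (bytes memory reason) {
            reverted = bytes4(reason) == MockPolicy.ActionCreationAtSameTimestamp.selector;
        }
    }

    // The execution ordered first: it succeeds, provided no creation has
    // already been recorded at the current timestamp.
    function executeThenCreate() external returns (bool executed) {
        policy.setRoleHolder(msg.sender, true);
        core.createAction();
        executed = policy.roleHolder(msg.sender);
    }
}
```

Call the two functions in separate blocks; the only difference between them is the order of the creation and the guarded call at a shared block.timestamp.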
Lines of code
https://github.com/code-423n4/2023-06-llama/blob/9d641b32e3f4092cc81dbac7b1c451c695e78983/src/LlamaPolicy.sol#L404-L409
Vulnerability details
Impact
A malicious user can front-run with "createAction" to make action execution revert due to the "_assertNoActionCreationsAtCurrentTimestamp" check.
Tools Used
Manual Review
Recommended Mitigation Steps
Delete "_assertNoActionCreationsAtCurrentTimestamp"
Assessed type
DoS