Lines of code
https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/fork/newdao/token/NounsTokenFork.sol#L119
Vulnerability details
Impact
The initialize functions can be front-run by a malicious actor. An attacker can front-run the deployer's initialize transaction and take over the contract by setting themselves as the owner in the NounsTokenFork.sol contract. Taking ownership lets the attacker pass values favourable to themselves, such as claiming all tokens or forking. By front-running the initialization of the NounsAuctionHouseFork contract, an attacker can set the WETH address to one they control and receive all the funds.
Proof of Concept
https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/fork/newdao/token/NounsTokenFork.sol#L119
https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/fork/newdao/NounsAuctionHouseFork.sol#L76
https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOExecutorV2.sol#L95
Tools Used
Past related findings from audit reports:
https://solodit.xyz/issues/initialization-functions-can-be-front-run-trailofbits-advanced-blockchain-pdf
https://solodit.xyz/issues/possible-front-running-on-initialization-halborn-biconomy-bico-token-pdf
Recommended Mitigation Steps
Use a factory pattern that deploys and initialises the contract within a single transaction, so no window exists between deployment and initialization, and add access control to the initialize functions so that only the intended deployer can call them.
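The mitigation above, as an added example that is not part of this finding or of the Nouns code base: a minimal contract with the unprotected initializer pattern beside a guarded variant that only accepts initialize() from a fixed caller and is deployed and initialised atomically by a factory. The contract names (WeakInitializable, GuardedInitializable, InitFactory) and the owner/weth fields are assumptions chosen for illustration, not the project's own code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Weak pattern (hypothetical contract): initialize() is callable by anyone,
// so whoever lands the first initialize() call after deployment becomes owner
// and chooses the WETH address. The deployer's own call then reverts on
// "already initialized".
contract WeakInitializable {
    address public owner;
    address public weth;
    bool private initialized;

    function initialize(address _owner, address _weth) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
        weth = _weth;
    }
}

// Hardened variant (hypothetical): the only address allowed to initialize is
// fixed at deployment as an immutable, so an initialize() sent by any other
// account reverts regardless of ordering.
contract GuardedInitializable {
    address public immutable initializer; // set once in the constructor
    address public owner;
    address public weth;
    bool private initialized;

    constructor(address _initializer) {
        require(_initializer != address(0), "zero initializer");
        initializer = _initializer;
    }

    function initialize(address _owner, address _weth) external {
        require(msg.sender == initializer, "not initializer");
        require(!initialized, "already initialized");
        require(_owner != address(0) && _weth != address(0), "zero address");
        initialized = true;
        owner = _owner;
        weth = _weth;
    }
}

// Factory (hypothetical): creation and initialization happen in the same
// transaction, so there is no state in which the contract exists but is still
// uninitialized for a third party to act on. The factory is also the only
// caller GuardedInitializable accepts.
contract InitFactory {
    event Deployed(address indexed instance, address indexed owner, address weth);

    function deploy(address _owner, address _weth) external returns (address) {
        GuardedInitializable instance = new GuardedInitializable(address(this));
        instance.initialize(_owner, _weth); // same transaction as creation
        emit Deployed(address(instance), _owner, _weth);
        return address(instance);
    }
}
```

When reviewing a fix of this kind, check two things: that every initialize()-style function either runs in the same transaction as deployment or checks msg.sender against a value set before the contract became reachable, and that the guard is an immutable or constructor-set value rather than storage written by initialize() itself (which would be empty at the moment the check matters).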
Assessed type
Other