code-423n4 / 2023-07-tapioca-findings


Frontrunning Vulnerability in brokerClaim() Function #1364

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/Tapioca-DAO/tap-token-audit/blob/main/contracts/options/oTAP.sol#L126

Vulnerability details

Impact

The brokerClaim() function is susceptible to frontrunning, allowing unauthorized users to claim the broker role in the smart contract. This can lead to unauthorized access to and manipulation of sensitive operations, and to financial losses due to potential exploits through unauthorized asset transfers, as the broker can mint new tokens to himself or to the provided address and mint 51% of the pool tokens to himself, leading to severe centralization and control over the smart contract ecosystem.

Proof of Concept

function brokerClaim() external {
    require(broker == address(0), "OTAP: only once");
    broker = msg.sender;
}

Tools Used

Manual review

Recommended Mitigation Steps

Implement an access control mechanism in the smart contract that limits the execution of the brokerClaim() function to authorized addresses only.

Assessed type

Access Control
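
The claim-once pattern quoted in the report next to one way of restricting it to an authorized address, as an added example that is not part of the original submission or of the Tapioca code base. Apart from `brokerClaim()` and `broker`, every name here (`OpenClaim`, `NominatedClaim`, `deployer`, `pendingBroker`, `nominateBroker`, the events) is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not the oTAP contract. All names except
// brokerClaim() and broker are hypothetical.

/// Claim-once pattern as quoted in the report: whichever address
/// calls first becomes the broker.
contract OpenClaim {
    address public broker;

    function brokerClaim() external {
        require(broker == address(0), "only once");
        broker = msg.sender;
    }
}

/// Same one-shot claim, but only an address nominated by the
/// deployer can take the role.
contract NominatedClaim {
    address public immutable deployer;
    address public pendingBroker; // set by the deployer before the claim
    address public broker;

    event BrokerNominated(address indexed nominee);
    event BrokerClaimed(address indexed broker);

    constructor() {
        deployer = msg.sender;
    }

    function nominateBroker(address nominee) external {
        require(msg.sender == deployer, "not deployer");
        require(broker == address(0), "already claimed");
        require(nominee != address(0), "zero nominee");
        pendingBroker = nominee;
        emit BrokerNominated(nominee);
    }

    function brokerClaim() external {
        require(broker == address(0), "only once");
        // While pendingBroker is unset this always reverts,
        // because msg.sender is never address(0).
        require(msg.sender == pendingBroker, "not nominated");
        broker = msg.sender;
        delete pendingBroker;
        emit BrokerClaimed(msg.sender);
    }
}
```

The two events give deployment scripts and monitoring a way to confirm that the address recorded as broker is the one that was nominated.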

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #111

c4-judge commented 1 year ago

dmvt changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

dmvt marked the issue as grade-c