code-423n4 / 2023-08-dopex-findings


Users are able to front-run settlements to avoid loss #2191

Closed code423n4 closed 10 months ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L764

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L772-L774

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVaultLP.sol#L199-L205

Vulnerability details

Impact

A user is able to front-run the call to the settle function to avoid paying the loss. settle is called by Admin, which is a public function. When this function is called, the transaction will appear in the mempool. A user may then call redeem from the LP Vault to withdraw all of their funds.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider making the withdrawals a two step process. The first step requests a withdrawal and marks the time. The second request processes the withdrawal but requires a period of time to elapse since the first step.

Assessed type

Other
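
The two-step withdrawal recommended above, as a simplified Python model added here for illustration; it is not code from the report or from the Dopex contracts. The `Vault` class, its method names, the 1000/1000 deposits, the 400 loss and the 3600-second delay are all constructed assumptions.

```python
class Vault:
    """Pro-rata LP vault model (constructed; not the Dopex contracts)."""

    def __init__(self, delay=0):
        self.delay = delay      # seconds a request must age; 0 = one-step redeem
        self.assets = 0         # collateral backing all shares
        self.shares = {}        # LP -> share balance
        self.requests = {}      # LP -> timestamp of withdrawal request

    def deposit(self, lp, amount):
        total = sum(self.shares.values())
        minted = amount if total == 0 else amount * total // self.assets
        self.shares[lp] = self.shares.get(lp, 0) + minted
        self.assets += amount

    def settle(self, loss):
        # The loss is borne by whoever still holds shares at this moment.
        self.assets -= loss

    def request_redeem(self, lp, now):
        # Step 1: mark the time. Shares stay in the pool, exposed to losses.
        self.requests[lp] = now

    def redeem(self, lp, now):
        # Step 2: only after the delay, and at the share price at payout time.
        if self.delay:
            requested = self.requests.get(lp)
            if requested is None or now - requested < self.delay:
                raise PermissionError("withdrawal delay not elapsed")
            del self.requests[lp]
        total = sum(self.shares.values())
        payout = self.shares.pop(lp) * self.assets // total
        self.assets -= payout
        return payout


def scenario(delay):
    """Alice tries to exit at t=100, just before a settlement loss of 400."""
    v = Vault(delay)
    v.deposit("alice", 1000)
    v.deposit("bob", 1000)
    v.request_redeem("alice", now=100)
    try:
        alice = v.redeem("alice", now=100)          # ordered ahead of settle
        v.settle(loss=400)
    except PermissionError:
        v.settle(loss=400)                          # settle lands first
        alice = v.redeem("alice", now=100 + delay)  # earliest allowed exit
    return alice, v.assets                          # (Alice's payout, left for Bob)
```

With `delay=0` Alice exits whole and Bob absorbs the entire loss; with a delay the same loss is split pro rata. The delay only helps because the payout is priced at redemption time rather than at request time.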

bytes032 commented 12 months ago

LQ because of front-running on Arb

c4-pre-sort commented 12 months ago

bytes032 marked the issue as low quality report

bytes032 commented 12 months ago

LQ because of front-running on Arb

GalloDaSballo commented 11 months ago

Worth looking again as if the loss is known (predictable) the loss may be avoided

GalloDaSballo commented 10 months ago

See #1600

c4-judge commented 10 months ago

GalloDaSballo marked the issue as unsatisfactory: Invalid

c4-judge commented 10 months ago

GalloDaSballo marked the issue as duplicate of #1584

c4-judge commented 10 months ago

GalloDaSballo marked the issue as partial-50