Closed code423n4 closed 10 months ago
LQ because of front-running on Arb
bytes032 marked the issue as low quality report
LQ because of front-running on Arb
Worth looking again as if the loss is known (predictable) the loss may be avoided
See #1600
GalloDaSballo marked the issue as unsatisfactory: Invalid
GalloDaSballo marked the issue as duplicate of #1584
GalloDaSballo marked the issue as partial-50
Lines of code
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L764
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/core/RdpxV2Core.sol#L772-L774
https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/perp-vault/PerpetualAtlanticVaultLP.sol#L199-L205
Vulnerability details
Impact
A user is able to front-run the call to the `settle` function in order to avoid paying the loss.
`settle` is called by Admin, which is a public function. When this function is called, the transaction will appear in the mempool. A user may then call `redeem` from the LP Vault to withdraw all of their funds.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider making the withdrawals a two-step process. The first step requests a withdrawal and marks the time. The second request processes the withdrawal but requires a period of time to elapse since the first step.
Assessed type
Other
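The two-step withdrawal recommended in the report, as an added example that is not part of the original submission or the Dopex code base: a simplified Python model of a share-based LP vault, comparing an instant `redeem` with a delayed one around a `settle` that books a loss. All names other than `settle` and `redeem`, the deposit amounts, the loss and the delay are constructed assumptions.

```python
class LPVault:
    """Toy share-based vault; delay=0 models the instant redeem in the report."""

    def __init__(self, delay=0):
        self.delay = delay      # seconds between request and payout (assumed)
        self.now = 0            # simulated block timestamp
        self.assets = 0         # collateral backing LP shares
        self.total_shares = 0
        self.shares = {}        # owner -> free shares
        self.pending = {}       # owner -> (escrowed shares, request time)

    def deposit(self, owner, amount):
        minted = amount if self.total_shares == 0 else amount * self.total_shares // self.assets
        self.assets += amount
        self.total_shares += minted
        self.shares[owner] = self.shares.get(owner, 0) + minted

    def settle(self, loss):
        self.assets -= loss     # settlement loss is taken out of LP collateral

    def request_redeem(self, owner):
        # Step 1: escrow all shares and record the time; no price is fixed here.
        self.pending[owner] = (self.shares.pop(owner), self.now)

    def redeem(self, owner):
        # Step 2: pay out only after the delay, at the share price current now.
        shares, requested_at = self.pending[owner]
        if self.now < requested_at + self.delay:
            raise PermissionError("withdrawal delay has not elapsed")
        del self.pending[owner]
        paid = shares * self.assets // self.total_shares
        self.assets -= paid
        self.total_shares -= shares
        return paid

def exit_around_settle(delay, loss=50):
    """Alice asks to leave just before settle; return (alice_paid, bob_claim)."""
    v = LPVault(delay)
    v.deposit("alice", 100)
    v.deposit("bob", 100)
    v.request_redeem("alice")
    if delay:                   # two-step vault: settle lands during the wait
        v.settle(loss)
        v.now += delay
    alice = v.redeem("alice")
    if not delay:               # instant vault: the exit landed before settle
        v.settle(loss)
    return alice, v.assets      # bob holds every remaining share
```

The payout is computed in `redeem`, not in `request_redeem`; fixing the share price at request time would reproduce the instant-exit result, with the remaining LP absorbing the whole loss.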