Closed c4-bot-9 closed 4 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
Readme: Issues related to front-running: can front-run someone's order, liquidation, the chainlink/uniswap oracle update.
hansfriese marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/BidOrdersFacet.sol#L130-L204
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibOrders.sol#L556-L626
Vulnerability details
Description
The affected functions are bidMatchAlgo and sellMatchAlgo, which are responsible for matching incoming orders with existing orders in the orderbook based on price:
BidOrdersFacet.sol#bidMatchAlgo
LibOrders.sol#sellMatchAlgo
These functions iterate through the orderbook, matching the incoming order with the lowest sell order or the highest bid order, respectively, based on price.
The bidMatchAlgo and sellMatchAlgo functions are expected to match incoming orders with existing orders in the orderbook based on price, facilitating trades between buyers and sellers.
The expected inputs are the asset being traded, the incomingBid or incomingAsk order, and any necessary orderHintArray for efficient matching. The intended outcome is to fill the incoming order as much as possible by matching it with existing orders, updating the orderbook state accordingly, and returning the filled amounts and any remaining amounts.
Vulnerability Details
The edge case arises from the lack of checks or restrictions on the size of the orders being placed and matched. An attacker can exploit this by placing large orders using funds obtained through a flash loan, significantly influencing market prices.
The steps an attacker can take are:
The lines responsible for the vulnerability are:
The matching of incomingBid and lowestSell orders.
The matching of incomingAsk and highestBid orders.
The attacker can profit from the price difference between their manipulated buy and sell orders, effectively buying low and selling high within the same transaction. This behavior deviates from the intended fair and orderly matching of orders based on genuine market demand and supply.
Impact
Proof of Concept
Scenario:
Front-Running Attack:
Impact of Front-Running:
Sandwich Attack:
Impact of Sandwich Attack:
Potential Consequences:
Recommended Mitigation Steps
Assessed type
MEV