Closed c4-bot-9 closed 4 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #206
raymondfam marked the issue as not a duplicate
raymondfam marked the issue as primary issue
The described POC isn't as discrete as it should be in #35. Additionally, issues related to front-running are known issues per readme.
hansfriese marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/facets/RedemptionFacet.sol#L56-L61
Vulnerability details
proposeRedemption
, allows users to submit a proposal for redeeming their dUSD for collateral from ShortRecords. The function takes the following inputs:asset
: The address of the asset being redeemed.proposalInput
: An array ofMTypes.ProposalInput
structs, each containing a ShortRecord'sshorter
address,shortId
, andshortOrderId
.redemptionAmount
: The total amount of dUSD the user wants to redeem.maxRedemptionFee
: The maximum fee the user is willing to pay for the redemption.RedemptionFacet.sol#proposeRedemption
Lack of front-running protection in the
proposeRedemption
function. An attacker can monitor the mempool for incoming redemption proposals and quickly submit their own proposal with a lower CR, effectively front-running the legitimate proposal.The issue lies in the fact that the function processes the redemption proposals in the order they are received, without any considerations for the CR or the time of submission. This allows an attacker to manipulate the redemption order and potentially steal the redemption opportunity from legitimate users.
Impact
The redemption process becomes unfair and biased, favoring attackers over legitimate users.
Proof of Concept
Let's consider a scenario where multiple users want to propose redemptions for ShortRecords with different CRs. The ShortRecords and their corresponding CRs are as follows:
Legitimate User's Actions:
proposeRedemption
function with the following parameters:asset
: The address of the asset being redeemed.proposalInput
: An array containing theshorter
address,shortId
, andshortOrderId
of ShortRecord 1.redemptionAmount
: The amount of dUSD Alice wants to redeem.maxRedemptionFee
: The maximum fee Alice is willing to pay.Attacker's Actions:
proposeRedemption
function with the following parameters:asset
: The same asset address as Alice's proposal.proposalInput
: An array containing theshorter
address,shortId
, andshortOrderId
of ShortRecord 2.redemptionAmount
: The same or higher amount of dUSD compared to Alice's proposal.maxRedemptionFee
: A higher maximum fee than Alice's proposal to make it more attractive for miners.As can be seen:
This Code Snippet demonstrates the front-running
The
proposeRedemption
function iterates through theproposalInput
array and processes each proposal in the order they are received. The lack of front-running protection allows an attacker to manipulate the transaction ordering and front-run legitimate proposals.Tools Used
Manual Review
Recommended Mitigation Steps
Should implement measures such as a commit-reveal scheme or a priority queue based on factors like CR, redemption amount, and time of submission.
Redemption proposals are inserted into a priority queue based on their CR, redemption amount, and submission time. The
processRedemptionProposals
function then processes the proposals in the order determined by the priority queue, ensuring a fair and unbiased redemption process.Assessed type
Context