Open c4-bot-5 opened 1 month ago
Scorpiondeng
commented
1 month ago Hello Judge, although this report is short in length, I think it explains the issue clearly. Since price updates can be predicted, it is feasible for users to make profits by operating before price updates.
alex-ppg
commented
4 weeks ago Hey @Scorpiondeng, thanks for your feedback! There is a similar finding in the findings repository where you can check my reply: https://github.com/code-423n4/2024-05-munchables-findings/issues/65#issuecomment-2149816038
Lines of code
https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L461 https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L506
Vulnerability details
Impact
Attackers can pre-empt transactions to gain more rewards.
Proof of Concept
The price of user-locked tokens in the contract is determined based on voting. The price will be updated when the number of agreed votes reaches the threshold. Imagine the following situation. If the price of token A drops in the market now, the contract votes to change the price. At this time, the attacker monitors the transaction that changes the price. He initiates the transaction first and calls the harvest function. As a result, the getLockedWeightedValue function will return more locked value than after the token price drops, and thus he can get more rewards. cause losses to the agreement.
Tools Used
manual
Recommended Mitigation Steps
It is recommended to get the price of the token in real time. Chainlink can be used.
Assessed type
Oracle