Lines of code
https://github.com/code-423n4/2024-06-thorchain/blob/main/chain/ethereum/contracts/THORChain_Router.sol?plain=1#L209-#L226
https://github.com/code-423n4/2024-06-thorchain/blob/main/chain/ethereum/contracts/THORChain_Router.sol?plain=1#L261-#L282
Vulnerability details
Impact
This finding indicates a potential front-running vulnerability in the THORChain_Router contract, specifically in the transferOutV5 method. Front-running vulnerabilities can allow attackers to manipulate transaction ordering to their advantage, potentially causing financial losses or other adverse effects. Exploiting this vulnerability could lead to unauthorized transfers of assets or manipulation of contract states.
Proof of Concept
Output:
Scenario:
A user attempts to deposit assets with expiry into the THORChain_Router contract.
An attacker front-runs the deposit function, causing the user's transaction to fail.
transfer(address to, uint256 value): Allows an attacker to execute a transfer just before the privileged user's transfer, potentially manipulating token balances to their advantage.
transferFrom(address from, address to, uint256 value): Similar to transfer, but allows spending from an approved allowance. An attacker can exploit timing to deplete allowances or manipulate balances.
burn(uint256 amount): An attacker can front-run this function to affect the token supply, potentially leading to an incorrect supply calculation or impacting other token-related operations.
depositWithExpiry(address vault, address asset, uint256 amount, string memo, uint256 expiration): An attacker can front-run this function to prevent legitimate deposits with expiry, potentially causing users' transactions to fail.
Tools Used
Manual review
Formal Verification
Recommended Mitigation Steps
Ensure that critical state changes are made before any external calls, and consider using mechanisms like transaction ordering to prevent front-running. Use Checks-Effects-Interactions: Update state variables before making external calls to ensure consistent state changes.
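The Checks-Effects-Interactions ordering recommended above, shown as an added example that is not code from THORChain_Router or from this submission. Only the `depositWithExpiry` parameter list comes from the finding; `ExampleDepositLedger`, `IERC20Like`, `credited` and `depositInteractionFirst` are hypothetical names, and the token is assumed to return `bool` from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a hypothetical ledger, not THORChain_Router code.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

contract ExampleDepositLedger {
    // Hypothetical accounting: amount of each asset credited to each vault.
    mapping(address => mapping(address => uint256)) public credited;

    event Deposit(address indexed vault, address indexed asset, uint256 amount, string memo);

    // Ordering to avoid: the external token call runs before the state update,
    // so code reached through `asset` executes while `credited` is still stale.
    function depositInteractionFirst(
        address vault, address asset, uint256 amount, string calldata memo, uint256 expiration
    ) external {
        require(block.timestamp < expiration, "expired");
        require(IERC20Like(asset).transferFrom(msg.sender, vault, amount), "transfer failed");
        credited[vault][asset] += amount;
        emit Deposit(vault, asset, amount, memo);
    }

    // Checks-Effects-Interactions ordering.
    function depositWithExpiry(
        address vault, address asset, uint256 amount, string calldata memo, uint256 expiration
    ) external {
        // Checks: validate the deadline and the inputs first.
        require(block.timestamp < expiration, "expired");
        require(vault != address(0) && amount > 0, "bad input");

        // Effects: commit state before control leaves this contract.
        credited[vault][asset] += amount;
        emit Deposit(vault, asset, amount, memo);

        // Interactions: external call last; a revert here rolls the effects back.
        require(IERC20Like(asset).transferFrom(msg.sender, vault, amount), "transfer failed");
    }
}
```

This covers only the Checks-Effects-Interactions part of the recommendation; it does not by itself constrain the order in which transactions are included in a block.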
Assessed type
ERC20