Function manageTokens can be front-run, causing user calls to fail.
Details
Function manageTokens is used to trade in exchange for tokenToBuy. However, malicious users can front-run it, causing normal users' calls to fail. Firstly, _distributeTokenToBuy will revert when the reward amount is zero. Secondly, when trades[erc20] is not zero, it will also revert. So, a malicious user can exploit this to make legitimate users' transactions fail.
Tools Used
Vscode
Recommended Mitigation Steps
When the reward amount is zero, the function should do nothing instead of reverting.
Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/main/contracts/p1/RevenueTrader.sol#L129-L131
https://github.com/code-423n4/2024-07-reserve/blob/main/contracts/p1/RevenueTrader.sol#L157
Assessed type
Context
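The recommended mitigation, shown as an added sketch that is not the code of RevenueTrader.sol or part of the original report: the zero-balance case becomes a no-op so that it cannot fail the whole manageTokens call. The contract name, the `tradeOpen` mapping, the helper names and the revert strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch: names, layout and revert strings are assumptions,
// not the code of RevenueTrader.sol.
contract TraderSketch {
    IERC20Min public immutable tokenToBuy;
    address public immutable distributor;
    mapping(address => bool) public tradeOpen; // stands in for trades[erc20] != 0

    event TradeOpened(address indexed erc20);

    constructor(IERC20Min tokenToBuy_, address distributor_) {
        tokenToBuy = tokenToBuy_;
        distributor = distributor_;
    }

    // Before: reverts on a zero balance, so the whole manageTokens call fails
    // whenever the balance was already distributed earlier in the block.
    function _distributeStrict() internal {
        uint256 bal = tokenToBuy.balanceOf(address(this));
        require(bal > 0, "nothing to distribute");
        require(tokenToBuy.transfer(distributor, bal), "transfer failed");
    }

    // After: a zero balance is a no-op, as the report recommends.
    function _distributeLenient() internal {
        uint256 bal = tokenToBuy.balanceOf(address(this));
        if (bal == 0) return;
        require(tokenToBuy.transfer(distributor, bal), "transfer failed");
    }

    function manageTokens(address[] calldata erc20s) external {
        _distributeLenient(); // _distributeStrict() is the pre-mitigation behaviour
        for (uint256 i = 0; i < erc20s.length; ++i) {
            // Second revert condition from the report; the recommended
            // mitigation does not change it.
            require(!tradeOpen[erc20s[i]], "trade open");
            tradeOpen[erc20s[i]] = true; // placeholder for opening a real trade
            emit TradeOpened(erc20s[i]);
        }
    }
}
```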