Description:Description\
Let's say a user (i.e. a campaign owner) intends to create a new campaign with a single asset and deposit up-front the total amount of 100 WETH.
Let's assume the user must pay a procotol fee of 1% (1 WETH) on creation, which is an amount that the campaign owner accepts.
A malicious owner notices the create campaign transaction and the owner can front-run the original transaction by calling setGlobalFee or setSpecificFee and set the highest fee possible of 10%, effectively stealing 9 WETH.
The likelihood of this issue is very low, however the severity is medium.
Attack Scenario
User submits a submits a transaction to create a campaign.
The owner front-runs the transaction by setting the highest fee.
Github username: @skypper Twitter username: tudoratu Submission hash (on-chain): 0x0c4f668567bc6045f828f9c0ea56129743e2a4d14a6db4f85399a45bd0abcd62 Severity: medium
Description: Description\ Let's say a user (i.e. a campaign owner) intends to create a new campaign with a single asset and deposit up-front the total amount of 100 WETH.
Let's assume the user must pay a procotol fee of 1% (1 WETH) on creation, which is an amount that the campaign owner accepts.
A malicious owner notices the create campaign transaction and the owner can front-run the original transaction by calling setGlobalFee or setSpecificFee and set the highest fee possible of 10%, effectively stealing 9 WETH.
The likelihood of this issue is very low, however the severity is medium.
Attack Scenario