The submitAnswer and submitAnswerFor as stated in the comments, are front-runnable. However the submitAnswerCommitment and submitAnswerReveal function are also front-runnable. The reason is that there is no mechanism to prevent front-running, it only splits the submitAnswer function to two functions.
The function submitAnswerCommitment should include the _answerer within the answer_hash , extract him and validate him, if the _answerer wasn’t equal to the extracted value from the answer_hash , it would revert and the function wouldn’t be maliciously front-runnable.
Github username: -- Twitter username: -- Submission hash (on-chain): 0xa3d4e5242323ee490da9b267496747be8cba6ec6bc304ffa57160a721a7d3581 Severity: low
Description: Description
The
submitAnswer
andsubmitAnswerFor
as stated in the comments, are front-runnable. However thesubmitAnswerCommitment
andsubmitAnswerReveal
function are also front-runnable. The reason is that there is no mechanism to prevent front-running, it only splits thesubmitAnswer
function to two functions.Attachments
The function
submitAnswerCommitment
should include the_answerer
within theanswer_hash
, extract him and validate him, if the_answerer
wasn’t equal to the extracted value from theanswer_hash
, it would revert and the function wouldn’t be maliciously front-runnable.