In oTAP.sol, a malicious user can front-run brokerClaim() and become the broker.
Attack Scenario
In oTAP.sol we have brokerClaim():
    function brokerClaim() external {
        if (broker != address(0)) revert OnlyOnce();
        broker = msg.sender;
    }
The function can only be called once, and whoever calls it becomes the broker. A malicious user can front-run the admin and call it before the admin does. To prevent this, it is best to set the broker in the constructor.
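The claim pattern from the report next to the constructor-based mitigation it recommends, as an added example that is not code from oTAP.sol or from the submitter. The contract names, the ZeroBroker and OnlyBroker errors, and brokerOnlyAction() are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Illustrative contracts only. Every name other than broker, brokerClaim
// and OnlyOnce is an assumption and does not come from oTAP.sol.

/// Pattern from the report: the first caller after deployment gets the role.
contract ClaimableBroker {
    address public broker;

    error OnlyOnce();

    function brokerClaim() external {
        if (broker != address(0)) revert OnlyOnce();
        // No check on msg.sender: the role goes to whichever transaction
        // is mined first after deployment.
        broker = msg.sender;
    }
}

/// Mitigation named in the report: the broker is fixed at construction,
/// so there is no window between deployment and claim.
contract ConstructorBroker {
    address public immutable broker;

    error ZeroBroker();
    error OnlyBroker();

    constructor(address _broker) {
        // Reject the zero address so the role cannot be left unassigned.
        if (_broker == address(0)) revert ZeroBroker();
        broker = _broker;
    }

    modifier onlyBroker() {
        if (msg.sender != broker) revert OnlyBroker();
        _;
    }

    // Hypothetical privileged entry point showing how the role is enforced.
    function brokerOnlyAction() external view onlyBroker returns (bool) {
        return true;
    }
}
```

Whichever form is deployed, reading broker() and comparing it to the expected address before wiring the contract into anything else confirms who holds the role.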
Attachments
    function brokerClaim() external {
        if (broker != address(0)) revert OnlyOnce();
        broker = msg.sender;
    }
Github username: --
Twitter username: --
Submission hash (on-chain): 0x81625270c61d1363e719cf8bac6cfc645a25ccb3a76dbf0adabb1a70a239b04a
Severity: medium