VaultBitcoinWallet ; user who exempted from fee can front run and complete withdrawal or deposit before owner can enable them as fee payer.

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0xa64f515f725466ce80cce1e8e6559a97d69f0ea875425cbad8422d6e272aa051 Severity: low

Description: Description\

Both deposit and withdraw charge the protocol fee. User can be exempted from paying fee by setting the map using the toggleFeesExclusion function. This is done by the owner.

Lets see a case :

user who deposited large amount btc and going to withdraw. This person is excempted from paying fee. owner wanted to set this user to pay the fee for withdrawal by calling the toggleFeesExclusion.

When this user notice the such transaction pending in the mempool, they would pay high gas fee and front run the toggleFeesExclusion and withdraw without paying fee.

Attachments

2. Revised Code File (Optional)

before toggleFeesExclusion, pause the deposit and withdraw and update the fee exclusion. After this call, unpause the deposit and withdrawal.

[aktech297]

@party-for-illuminati pls clarify

[party-for-illuminati]

@party-for-illuminati pls clarify

Not an issue