Closed sherlock-admin closed 1 year ago
The factory uses msg.sender
as part of the salt, so front running doesn't work
Escalate for 1 USDC
Although msg.sender
might be not visible directly the result of salt will still be observable in the public mempool and an attacker (or a possible business rival) can effectively make the protocol useless.
It is often regarded that front-running is not a problem because the same contract will be deployed all the time as mentioned in StackOverflow. But the problem in the current implementation is that the initialization is done after that which prevents the initialization of the contract.
Escalate for 1 USDC
Although
msg.sender
might be not visible directly the result of salt will still be observable in the public mempool and an attacker (or a possible business rival) can effectively make the protocol useless.It is often regarded that front-running is not a problem because the same contract will be deployed all the time as mentioned in StackOverflow. But the problem in the current implementation is that the initialization is done after that which prevents the initialization of the contract.
You've created a valid escalation for 1 USDC!
To remove the escalation from consideration: Delete your comment. To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation rejected
It is not possible to front-run a valid stream contract deployment as it can be created through StreamFactory only. Any other stream created even with the same salt and other parameters gets a different address. Hence this attack would not be possible.
There is also a test case for the same.
Escalation rejected
It is not possible to front-run a valid stream contract deployment as it can be created through StreamFactory only. Any other stream created even with the same salt and other parameters gets a different address. Hence this attack would not be possible.
There is also a test case for the same.
This issue's escalations have been rejected!
Watsons who escalated this issue will have their escalation amount deducted from their next payout.
hansfriese
high
Protocol can become useless by malicious attackers through front-running
Summary
A malicious attacker can front-run
createStream()
and deploy the same stream implementation before the protocol and this prevents the stream's initialization, which makes the protocol useless.Vulnerability Detail
The
createStream()
function at StreamFactory.sol #L184 clones the stream implementation with data and salt based on the input arguments. The problem is the stream initialization is called after callingcloneDeterministic()
.Because
create2()
reverts if it is called with the same arguments, an attacker can front-run and deploys the exact same implementation before the protocol to make the call tocloneDeterministic()
revert. As a result, stream initialization will not be called andremainingBalance()
will stay zero. This affects the whole streaming logic and the protocol becomes useless. Furthermore, the streams are likely to be created based on DAO proposals which will go through some time period. So this attack can make the whole effort useless and selectively prevent creating an unfavorable stream.Impact
The protocol becomes useless because its core functionalities will not work. Although I could not find any lock of funds from this exploit (because funds can be claimed via
cancel()
anyway), I set the impact level to High because it makes the whole protocol useless.Code Snippet
https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/src/StreamFactory.sol#L202
Tool used
Manual Review
Recommendation
It is not desirable doing initialization things out of contract from the factory level. I recommend adding an
initialized
flag in the stream contract and to check that before any user interactions. Of course, it should be ensured that initialization is done at most once.