sherlock-audit / 2023-02-telcoin-judging


gmx - Front Run of addBlackList() function #43

Open sherlock-admin opened 1 year ago

sherlock-admin commented 1 year ago

gmx

medium

Front Run of addBlackList() function

Summary

Front Run of addBlackList() function

Vulnerability Detail

Front running can be done either by sending a tx with a higher gas price (usually txs are ordered in a block by gas price / total fee), or by paying an additional fee to the validator if they manage to run their tx without reverting (i.e. by sending additional ETH to block.coinbase, hoping the validator will notice it).

Impact

A malicious user could listen to the mempool to check whether a tx blacklisting his address appears; if it does, he could front-run that tx by sending a tx with a higher gas fee to transfer his funds, preventing them from being removed by the removeBlackFunds() function.

Code Snippet

https://github.com/sherlock-audit/2023-02-telcoin/blob/main/telcoin-audit/contracts/stablecoin/Stablecoin.sol#L159

Tool used

Manual Review

Recommendation

Use the same mechanism as in StakingModule.sol to prevent users from withdrawing their funds if blacklisted, so that front running won't be useful.
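As an added illustration (not code from the Telcoin repository, and not the StakingModule.sol mechanism the recommendation refers to), the hypothetical token below sketches the two-transaction blacklist/seize pattern the finding describes next to an atomic variant that leaves no mined state in which an address is blacklisted but still holds funds. Contract, function and variable names are assumptions; the atomic variant only removes the gap between the two admin transactions, it does not by itself stop a watcher from racing the first one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical sketch for illustration; not Telcoin's Stablecoin.sol.
contract BlacklistableToken {
    address public immutable owner;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public isBlackListed;

    constructor(uint256 supply) {
        owner = msg.sender;
        balanceOf[msg.sender] = supply;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // A blacklisted sender cannot move funds, but the check only bites once
    // the blacklist tx is mined; a pending transfer with a higher fee lands
    // first, which is exactly the window the finding describes.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(!isBlackListed[msg.sender], "sender blacklisted");
        require(!isBlackListed[to], "recipient blacklisted");
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    // Two-step pattern: blacklisting and seizure are separate transactions,
    // so there is a second observable window between them.
    function addBlackList(address user) external onlyOwner {
        isBlackListed[user] = true;
    }

    function removeBlackFunds(address user) external onlyOwner {
        require(isBlackListed[user], "not blacklisted");
        uint256 seized = balanceOf[user];
        balanceOf[user] = 0;
        balanceOf[owner] += seized;
    }

    // Atomic variant: blacklist and seize in one transaction, so no block is
    // mined in which the address is blacklisted yet still funded.
    function blacklistAndSeize(address user) external onlyOwner {
        isBlackListed[user] = true;
        uint256 seized = balanceOf[user];
        balanceOf[user] = 0;
        balanceOf[owner] += seized;
    }
}
```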

jacksanford1 commented 1 year ago

Admin note: Protocol team confirmed the issue and labeled "Won't Fix."