The buyFee field in the getPair function is public, which means that a malicious user could call the function to get the buyFee value and then use that value to exploit the contract. For example, the malicious user could use the buyFee value tofront-run a trade, which would allow them to buy or sell tokens at a price that is more favorable to them.
Vulnerability Detail
function getTokenType(address token) external view returns (TokenType);
function getPair(address tokenX, address tokenY) external view returns (PairConfig memory pair);
function pairByIndex(uint256 index) external view returns (PairConfig memory pair);
}
The buyFee field is a value that represents the percentage of the purchase price that is taken as a fee by the contract. This field should not be public because it could be used by malicious users to front-run trades.
Front-running is a type of attack where a malicious user uses knowledge of an upcoming trade to place their own trade ahead of the victim's trade. This allows the malicious user to buy or sell tokens at a price that is more favorable to them, In this case, the malicious user could call the getPair function to get the buyFee value. Then, the malicious user could place their own trade before the victim's trade. This would allow the malicious user to buy or sell tokens at a price that is less than the price that the victim would pay.
Impact
An example of how an attacker could exploit this vulnerability so the victim wants to buy 100 tokens. The buyFee is 1%, which means that the victim will pay 1 token in fees, if the malicious user knows that the victim wants to buy 100 tokens, they can call the getPair function to get the buyFee value. Then, the malicious user can place their own trade for 100 tokens before the victim's trade. The malicious user will only pay 99 tokens in fees, because they will not have to pay the buyFee. This means that the malicious user will make a profit of 1 token.
XDZIBEC
high
XO-Buy Fee Field Public in getPair Function
Summary
The
buyFee
field in thegetPair
function is public, which means that a malicious user could call the function to get thebuyFee
value and then use that value to exploit the contract. For example, the malicious user could use thebuyFee
value tofront-run
a trade, which would allow them tobuy
orsell
tokens at a price that is more favorable to them.Vulnerability Detail
buyFee
field is a value that represents the percentage of the purchase price that is taken as a fee by the contract. This field should not be public because it could be used by malicious users tofront-run
trades.Front-running
is a type of attack where a malicious user uses knowledge of an upcoming trade to place their own trade ahead of the victim's trade. This allows the malicious user to buy or sell tokens at a price that is more favorable to them, In this case, the malicious user could call thegetPair
function to get thebuyFee
value. Then, the malicious user could place their own trade before the victim's trade. This would allow the malicious user to buy or sell tokens at a price that is less than the price that the victim would pay.Impact
100
tokens. ThebuyFee
is1%
, which means that the victim will pay1
token infees
, if the malicious user knows that the victim wants to buy100
tokens, they can call thegetPair
function to get thebuyFee
value. Then, the malicious user can place their own trade for100
tokens before the victim's trade. The malicious user will only pay99
tokens infees
, because they will not have to pay thebuyFee
. This means that the malicious user will make a profit of1
token.Code Snippet
Tool used
Manual Review
Recommendation
-The
buyFee
field should be marked as private. This would prevent malicious users from calling thegetPair
function to get thebuyFee
value.