_executeOrder function is vulnerable to frontrunning attacks
Summary
The _executeOrder function can potentially be frontrun if the executor sees a pending profitable order
Vulnerability Detail
This is possible because the reentrancy guard is only checking for calls at the start of withdraw(). The _ensureApprove() call happens after the state change of burning shares, so it is vulnerable.
This Link reads the pending position, executes the order against it, and commits the updated position.
The vulnerability comes from the fact that between reading the pending position and committing it, another transaction could come in and update the pending position.
For example:
_executeOrder reads currentPosition with 100 DAI in long
Attacker frontruns and updates pending position to long 200 DAI
_executeOrder executes the order against the old 100 DAI position
_executeOrder commits 200 DAI long instead of the expected position
This could allow the attacker to profit by manipulating the pending position before _executeOrder commits.
Impact
The attacker profit by manipulating the pending position before _executeOrder commits
feelereth
high
_executeOrder function is vulnerable to frontrunning attacks
Summary
The _executeOrder function can potentially be frontrun if the executor sees a pending profitable order
Vulnerability Detail
This is possible because the reentrancy guard is only checking for calls at the start of withdraw(). The _ensureApprove() call happens after the state change of burning shares, so it is vulnerable.
This Link reads the pending position, executes the order against it, and commits the updated position. The vulnerability comes from the fact that between reading the pending position and committing it, another transaction could come in and update the pending position. For example:
Impact
The attacker profit by manipulating the pending position before _executeOrder commits
Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L370-L380
Tool used
Manual Review
Recommendation