0xepley - `createMarket` function can be Dos

[sherlock-admin]

0xepley

medium

createMarket function can be Dos

Summary

The createMarket function in the Factory contract is vulnerable to frontrunning. A frontrunner can deploy their own market before Alice's transaction is confirmed, causing Alice's transaction to revert.

Vulnerability Detail

The vulnerability stems from the deterministic nature of the salt generation Specifically, the salt used for deploying is derived from the pool argument, which is publicly accessible. A frontrunner would first monitor the mempool for transactions that call the createMarket function. Once they see a transaction that calls the createMarket function, they would deploy their own market with the same parameters as Alice's market. Because the frontrunner's market will be deployed before Alice's market, Alice's transaction will revert.

Impact

The function can be DoS'd everytime someone tries to call it.

Code Snippet

https://github.com/sherlock-audit/2023-10-aloe/blob/main/aloe-ii/core/src/Factory.sol#L170-L205

Tool used

Manual Review

Recommendation

Add msg.sender to the salt argument passed to cloneDeterministically.

bytes32 salt = keccak256(abi.encodePacked(pool, msg.sender));

[sherlock-admin2]

4 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, because it doesn't matter who created the market, creator doesn't have any special rights

tsvetanovv commented:

Low

MohammedRizwan commented:

low severity and createMarket() can be called again.

chrisling commented:

not an issue at all, it does not cause any loss of fund nor does it break the contract's core functionality. In fact, such frontrun would be beneficial to the initial caller since they now have the market they want deployed without having to pay gas.