sherlock-audit / 2023-11-covalent-judging

Atharv - Sandwich Attack on rewardValidators Function, Attacker can earn max-profit quickly. #94

Closed sherlock-admin closed 7 months ago

sherlock-admin commented 7 months ago

Atharv

high

Sandwich Attack on rewardValidators Function, Attacker can earn max-profit quickly.

Summary

A sandwich attack is possible on the OperationalStaking.sol::rewardValidators function.

Vulnerability Detail

A sandwich attack is possible on the OperationalStaking.sol::rewardValidators function, where the attacker front-runs the OperationalStaking.sol::rewardValidators function and stakes to the validator ID that is getting more rewards. The OperationalStaking.sol::rewardValidators function then executes, and the attacker submits another transaction that calls OperationalStaking.sol::redeemRewards and gets the profit without staking for a long time.

Impact

High

Code Snippet

Code

Tool used

Manual Review

Recommendation

Check when people stake and add a time period; only after that specific time has finished will people get rewards, not before the time period has finished with the same validator.

Duplicate of #47

sherlock-admin2 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: duplicate of 107; medium(4)