Potential Front-Running Vulnerability in GSP Contract's Initialization Process
dian.ivanov
medium
Potential Front-Running Vulnerability in GSP Contract's Initialization Process
Summary
Init function in GSP contract is open to be called for everyone. In the first transaction someone can deploy the GSP contract and in a second one he has to call init to initialize it's state. A frontrunner can exploit this to "steal" the initialization.
Vulnerability Detail
A frontrunner can listen to the mempool and check if there is a transaction for deployment and another for initialization and then sneak a transaction in between in order to steal the initialization from the original deployer.
Impact
Because of the front-running transaction, the original deployer's init function is reverted and the GSP contract has strange or convenient for the attacker state/data.
For example the deployer didn't want the TWAP to be available but the attacker initialize the TWAP to be available.
Limit the access to the init function in the GSP contract to the deployer or to a set of trusted addresses, employing proper access control to prevent unauthorized initialization.
dian.ivanov
medium
Potential Front-Running Vulnerability in GSP Contract's Initialization Process
dian.ivanov
medium
Potential Front-Running Vulnerability in GSP Contract's Initialization Process
Summary
Init function in GSP contract is open to be called for everyone. In the first transaction someone can deploy the GSP contract and in a second one he has to call init to initialize it's state. A frontrunner can exploit this to "steal" the initialization.
Vulnerability Detail
A frontrunner can listen to the mempool and check if there is a transaction for deployment and another for initialization and then sneak a transaction in between in order to steal the initialization from the original deployer.
Impact
Because of the front-running transaction, the original deployer's init function is reverted and the GSP contract has strange or convenient for the attacker state/data. For example the deployer didn't want the TWAP to be available but the attacker initialize the TWAP to be available.
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/af43d39f6a89e5084843e196fc0185abffe6304d/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSP.sol#L34
Tool used
Manual Review
Recommendation
Limit the access to the init function in the GSP contract to the deployer or to a set of trusted addresses, employing proper access control to prevent unauthorized initialization.
Duplicate of #27