sherlock-audit / 2023-12-dodo-gsp-judging


0xBhumii - Frontrunning risks! #153

Closed sherlock-admin2 closed 10 months ago

sherlock-admin2 commented 10 months ago

0xBhumii

medium

Frontrunning risks!

Summary

The GSPFunding contract has a function sellShares which returns the baseAmount and quoteAmount, and that may add the risk of frontrunning.

Vulnerability Detail

The sellShares function returns the baseAmount and quoteAmount; here there may be a risk of a frontrunning attack: the attacker can monitor these pending transactions and may try to front-run a user's trade by submitting a transaction with slightly higher amounts.

Impact

The user may benefit the attacker, and it may cost the user a bit more money for the same trade; it also manipulates the market.

Code Snippet

https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L99

Tool used

Manual Review

Recommendation

Set a threshold amount limit (an amount limit which says how much higher or lower the user is willing to pay for the particular transaction; if the frontrunning happens and the amount goes higher than the threshold limit, then the transaction reverts, hence protecting the user from frontrunning attacks).

Duplicate of #148
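The threshold check the recommendation describes, shown as an added example that is not code from the DODO GSP repository or from this report. It uses a hypothetical two-reserve pool in which shares redeem pro rata, and places the unguarded version of sellShares next to a guarded one that takes caller-supplied minimums (baseMinAmount, quoteMinAmount) and reverts when the amounts computed at execution time fall below them. The contract name, the function and parameter names, the custom errors and the deadline parameter are all assumptions for illustration, and the pool only adjusts its own bookkeeping rather than transferring real tokens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative pool (not GSPFunding): shares redeem pro rata against two reserves.
/// Token transfers are omitted; only the reserve and share bookkeeping is modelled.
contract SlippageGuardedPool {
    uint256 public baseReserve;
    uint256 public quoteReserve;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    error Expired(uint256 deadline, uint256 blockTime);
    error InsufficientShares(uint256 held, uint256 requested);
    error BaseBelowMinimum(uint256 received, uint256 minimum);
    error QuoteBelowMinimum(uint256 received, uint256 minimum);

    // Constructed starting state: deployer seeds both reserves and holds all shares.
    constructor(uint256 base, uint256 quote) {
        baseReserve = base;
        quoteReserve = quote;
        totalShares = base;
        shares[msg.sender] = base;
    }

    /// Before: the amounts a user receives depend entirely on reserves at execution
    /// time, so a transaction that reorders ahead of this one changes the outcome
    /// and the user has no way to bound that change.
    function sellSharesUnguarded(uint256 shareAmount)
        external
        returns (uint256 baseAmount, uint256 quoteAmount)
    {
        (baseAmount, quoteAmount) = _quoteRedemption(shareAmount);
        _settle(shareAmount, baseAmount, quoteAmount);
    }

    /// After: the caller states the least it will accept for each asset and a
    /// deadline; if execution-time reserves yield less, the call reverts instead of
    /// completing at a worse price.
    function sellShares(
        uint256 shareAmount,
        uint256 baseMinAmount,
        uint256 quoteMinAmount,
        uint256 deadline
    ) external returns (uint256 baseAmount, uint256 quoteAmount) {
        if (block.timestamp > deadline) revert Expired(deadline, block.timestamp);

        (baseAmount, quoteAmount) = _quoteRedemption(shareAmount);

        // The threshold check: compare what this execution would pay out against
        // the caller's floor, computed off-chain from the quote they saw.
        if (baseAmount < baseMinAmount) revert BaseBelowMinimum(baseAmount, baseMinAmount);
        if (quoteAmount < quoteMinAmount) revert QuoteBelowMinimum(quoteAmount, quoteMinAmount);

        _settle(shareAmount, baseAmount, quoteAmount);
    }

    /// Pro-rata redemption against current reserves.
    function _quoteRedemption(uint256 shareAmount)
        internal
        view
        returns (uint256 baseAmount, uint256 quoteAmount)
    {
        if (shares[msg.sender] < shareAmount) {
            revert InsufficientShares(shares[msg.sender], shareAmount);
        }
        baseAmount = (baseReserve * shareAmount) / totalShares;
        quoteAmount = (quoteReserve * shareAmount) / totalShares;
    }

    /// Burn the shares and reduce reserves (stands in for token transfers).
    function _settle(uint256 shareAmount, uint256 baseAmount, uint256 quoteAmount) internal {
        shares[msg.sender] -= shareAmount;
        totalShares -= shareAmount;
        baseReserve -= baseAmount;
        quoteReserve -= quoteAmount;
    }
}
```

The minimums are chosen by the caller from the quote they observed before submitting, typically as that quote less a small tolerance; a transaction that reorders ahead and moves the reserves past that tolerance makes the guarded call revert, whereas the unguarded call would simply pay out the worse amounts.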