attacker can cancel any order limit and cause a denial of service for users
Summary
attacker can cancel any order limit and cause a denial of service for users
Vulnerability Detail
attacker can cancel any order limit and cause a denial of service for users. Token id's are public the attacker can front-run a transaction by cancel their order limit
Set the owner of offer _id to msg.sender and create a mapping to store these values,
have a function modifier that will use the mapping to cancel orders and check if you are the one who made the order.
check to see if you are the Limit Order announcer before of the token id before the is canceled . Add a function modifier
kgothatso
high
attacker can cancel any order limit and cause a denial of service for users
Summary
attacker can cancel any order limit and cause a denial of service for users
Vulnerability Detail
attacker can cancel any order limit and cause a denial of service for users. Token id's are public the attacker can front-run a transaction by cancel their order limit
Impact
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LimitOrder.sol#L87
Tool used
Manual Review
Recommendation
Set the owner of offer _id to
msg.sender
and create a mapping to store these values, have a function modifier that will use the mapping to cancel orders and check if you are the one who made the order. check to see if you are the Limit Order announcer before of the token id before the is canceled . Add a function modifier