All functions with permit functionallity can be griefed by attacker as he can frontrun uses the honest user signature
Vulnerability Detail
In the removeLiquidityWithPermit function, users are expected to sign their tokens and provide the signature within the permitData. However, during the transaction mempool phase, an attacker can intercept this signature and invoke the permit function on the token themselves. Since the signature is valid, the token accepts it, thereby incrementing the nonce. Consequently, when the spender's transaction is eventually mined, it fails due to the incremented nonce.
Impact
Attack can be made by attacker by frontrunnig honest user tx again and again. But it can lowered by using rpc calls or mev blocker
sa9933
medium
removeLiquiditywithPermit() can be greifed
Summary
All functions with permit functionallity can be griefed by attacker as he can frontrun uses the honest user signature
Vulnerability Detail
In the removeLiquidityWithPermit function, users are expected to sign their tokens and provide the signature within the permitData. However, during the transaction mempool phase, an attacker can intercept this signature and invoke the permit function on the token themselves. Since the signature is valid, the token accepts it, thereby incrementing the nonce. Consequently, when the spender's transaction is eventually mined, it fails due to the incremented nonce.
Impact
Attack can be made by attacker by frontrunnig honest user tx again and again. But it can lowered by using rpc calls or mev blocker
Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap-Harsh4509/blob/429cf6677c18affa3d5ca343811e1a9763bbdfdb/jalaswap-dex-contract/contracts/JalaRouter02.sol#L165
Tool used
Manual Review
Recommendation
Use try Catch Block
https://github.com/trust1995/trustlessPermit/blob/07a51a046580c5a6c7bb71cbf4cf6738e85ab310/TrustlessPermit.sol#L18
Duplicate of #177