The FDG contains Bond Incentives that works as a defence against system overwhelm, but also as an incentive for the game players - Challengers and Defenders. Bond incentives will also work as a motivation for an attacker to front-run FDG moves.
Vulnerability Detail
If the attacker finds parties that run Challenger or Defender agents, with good statistics of winning games, the attacker can start monitoring the mempool and fron-run their moves in the game.
The documentation describes other incentives for the bond mechanism:
There are other costs associated with participating in the game, including operating a challenger agent and the opportunity cost of locking up capital in the dispute game. While we do not explicitly create incentives to cover these costs, we assume that the current bond rewards, based on this specification, are enough as a whole to cover all other costs of participation.
Since the game is permissionless, anyone can call the FaultDisputeGame contract functions.
A malicious actor can take advantage of sophisticated systems created by parties specializing in playing fair FDG and operating agents, by front-running their transactions, making moves, locking his own ETH, and collecting bonds by successfully challenging or defending games.
Impact
An attacker can "steal" bonds by challenging a game without putting any effort into running honest Challenger or Defender agents.
The secondary impact is demotivating parties to run agents and play the game as they are being front-runned by mempool bots.
Reported as medium, because there is no direct steal of assets, only the rewards. However, the demotivation of parties running agents can make the Fault Proof system less stable, which can make the consequences higher.
Stiglitz
medium
Fault Dispute Game is prone to front-running
Summary
The FDG contains Bond Incentives that works as a defence against system overwhelm, but also as an incentive for the game players - Challengers and Defenders. Bond incentives will also work as a motivation for an attacker to front-run FDG moves.
Vulnerability Detail
If the attacker finds parties that run Challenger or Defender agents, with good statistics of winning games, the attacker can start monitoring the mempool and fron-run their moves in the game.
The documentation describes other incentives for the bond mechanism:
Since the game is permissionless, anyone can call the
FaultDisputeGamecontract functions. A malicious actor can take advantage of sophisticated systems created by parties specializing in playing fair FDG and operating agents, by front-running their transactions, making moves, locking his own ETH, and collecting bonds by successfully challenging or defending games.Impact
Reported as medium, because there is no direct steal of assets, only the rewards. However, the demotivation of parties running agents can make the Fault Proof system less stable, which can make the consequences higher.
Code Snippet
msg.sender is saved as a
claimantwho collects bonds in case of winning the game https://github.com/sherlock-audit/2024-02-optimism-2024/blob/main/optimism/packages/contracts-bedrock/src/dispute/FaultDisputeGame.sol#L302Tool used
Manual Review
Recommendation
Sign the data sent to the FDG functions so it is not extractable from the public mempool.
Duplicate of #28