sherlock-audit / 2024-02-rubicon-finance-judging


AgileJune - initialize() in RubiconFeeController can be frontrun #3

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

AgileJune

high

initialize() in RubiconFeeController can be frontrun

Summary

initialize() in RubiconFeeController can be frontrun

Vulnerability Detail

A malicious user can front-run initialize() with a higher gas fee to set feeRecipient to his own address; the real owner then can't assign it again because initialized is already set to true.

Impact

The adversary can set feeRecipient to steal funds.

Code Snippet

https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L39-L48

Tool used

Manual Review

Recommendation

Prevent initialize() from being called by any user; for instance, adding an auth modifier can solve the issue.
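Added example (not part of the original report and not the project's code): an unguarded one-shot initializer of the kind the report describes, next to a variant that only the deploying address can call. Only initialize(), initialized and feeRecipient come from the page; the contract names, owner, deployer, the function signature and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: only initialize(), initialized and feeRecipient are named on
// the page; contract names, owner, deployer and the signature are assumptions.

// Before: no caller check, so whichever transaction lands first fixes feeRecipient.
contract UnprotectedFeeController {
    bool public initialized;
    address public owner;
    address public feeRecipient;

    function initialize(address _owner, address _feeRecipient) external {
        require(!initialized, "already initialized");
        owner = _owner;
        feeRecipient = _feeRecipient;
        initialized = true; // later calls revert, including the real owner's
    }
}

// After: the deploying address is recorded at construction and is the only
// account allowed to run the one-shot initializer.
contract GuardedFeeController {
    address private immutable deployer;
    bool public initialized;
    address public owner;
    address public feeRecipient;

    error NotDeployer();
    error AlreadyInitialized();
    error ZeroAddress();

    constructor() {
        deployer = msg.sender;
    }

    function initialize(address _owner, address _feeRecipient) external {
        if (msg.sender != deployer) revert NotDeployer();
        if (initialized) revert AlreadyInitialized();
        if (_owner == address(0) || _feeRecipient == address(0)) revert ZeroAddress();
        initialized = true;
        owner = _owner;
        feeRecipient = _feeRecipient;
    }
}
```

Whichever variant is deployed, a deployment script can read feeRecipient and owner back after initialization and stop if they differ from the intended values, so a lost race is caught before the contract is wired into anything else.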

sherlock-admin commented 7 months ago

3 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low

PNS commented:

Front-running initializers where there is no irreversible damage or loss of funds & the protocol could just redeploy and initialize again is not a valid issue.

0xAadi commented:

Invalid