sherlock-audit / 2024-02-telcoin-platform-audit-update-judging


the-first-elder - Front Run of addBlackList() function #1

Closed sherlock-admin4 closed 8 months ago

sherlock-admin4 commented 8 months ago

the-first-elder

medium

Front Run of addBlackList() function

Summary

Front Run of addBlackList() function

Vulnerability Detail

Front running can be done either by sending a tx with a higher gas price (usually txs are ordered in a block by gas price / total fee) or by paying an additional fee to the validator if they manage to run their tx without reverting.

Impact

A malicious user could listen to the mempool to check whether he sees a blacklisting tx for his address; if so, he could front-run this tx by sending a tx with a higher gas fee that transfers his funds to another address, preventing them from being removed by the _onceBlacklisted() function.

Code Snippet

https://github.com/sherlock-audit/2024-02-telcoin-platform-audit-update/blob/main/telcoin-contracts/contracts/util/abstract/Blacklist.sol#L72

Tool used

Manual Review

Recommendation

A delay period can be implemented when calling the swapAndSend, convertFromEXYZ and transfer functions of EXYZ respectively.
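
The ordering dependency the submission describes, as an added example that is not part of the original submission and not Telcoin's Blacklist.sol: `SeizingToken`, `Attacker`, `FrontRunDemo`, the `treasury` and `escapeWallet` addresses and the `1_000e18` balance are all hypothetical. `addBlackList()` seizes whatever the target holds at the moment it executes, so the outcome depends only on whether the target's transfer lands before or after it in the block.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical token with a blacklist that seizes the target's balance on
// blacklisting. Added example; it is not the audited Blacklist.sol.
contract SeizingToken {
    address public immutable owner;
    address public immutable treasury;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blacklisted;

    constructor(address treasury_) {
        owner = msg.sender;
        treasury = treasury_;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == owner, "owner");
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        // Blacklisted addresses can neither send nor receive.
        require(!blacklisted[msg.sender] && !blacklisted[to], "blacklisted");
        require(balanceOf[msg.sender] >= amount, "balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    function addBlackList(address user) external {
        require(msg.sender == owner, "owner");
        blacklisted[user] = true;
        _onceBlacklisted(user);
    }

    // Seizes whatever the user holds at the moment of blacklisting.
    function _onceBlacklisted(address user) internal {
        uint256 amount = balanceOf[user];
        balanceOf[user] = 0;
        balanceOf[treasury] += amount;
    }
}

// Stand-in for the user who spots the pending addBlackList() tx in the mempool.
contract Attacker {
    function escape(SeizingToken token, address to) external {
        token.transfer(to, token.balanceOf(address(this)));
    }
}

// Runs both block orderings and returns how much the treasury seized in each.
contract FrontRunDemo {
    address constant TREASURY = address(0xBEEF);      // hypothetical
    address constant ESCAPE_WALLET = address(0xCAFE); // hypothetical, not blacklisted
    uint256 constant BALANCE = 1_000e18;              // hypothetical

    function run() external returns (uint256 seizedBlacklistFirst, uint256 seizedTransferFirst) {
        // Ordering 1: addBlackList() executes before the user's transfer.
        SeizingToken t1 = new SeizingToken(TREASURY);
        Attacker a1 = new Attacker();
        t1.mint(address(a1), BALANCE);
        t1.addBlackList(address(a1));
        seizedBlacklistFirst = t1.balanceOf(TREASURY); // BALANCE
        // a1.escape() would now revert: a1 is blacklisted and holds nothing.

        // Ordering 2: the user's higher-fee transfer lands first.
        SeizingToken t2 = new SeizingToken(TREASURY);
        Attacker a2 = new Attacker();
        t2.mint(address(a2), BALANCE);
        a2.escape(t2, ESCAPE_WALLET);
        t2.addBlackList(address(a2));
        seizedTransferFirst = t2.balanceOf(TREASURY); // 0; funds sit in ESCAPE_WALLET
    }
}
```

Deploy `FrontRunDemo` and call `run()`: the first value is the full balance, the second is zero, which is the front-run outcome the submission describes. Whether that outcome is worth mitigating (the delay proposed above, or a two-step blacklist that freezes first and seizes later) is the question the judging comments below settle against the submission.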

sherlock-admin4 commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

WangAudit commented:

mentioned in the previous audit with a won't fix label

takarez commented:

invalid; previously won't fix: https://github.com/sherlock-audit/2023-02-telcoin-judging/issues/43