sherlock-audit / 2024-04-titles-judging

1 stars 1 forks source link

smbv-1923 - Attacker would frontrun user's transaction and steal user's excessive ETH #450

Closed sherlock-admin3 closed 1 month ago

sherlock-admin3 commented 2 months ago

smbv-1923

high

Attacker would frontrun user's transaction and steal user's excessive ETH

Summary

Attacker would frontrun user's transaction like mint() , mintWithComment() , mintBatch() and steal user's excessive ETH

Vulnerability Detail

Attacker would see the above mentioned functions in mempool where user have passed excessive ETH .
Then attacker frontrun user's transaction increasing the mintFee price using setFeeStrategy()
And there is no check for the mintFee amount inside validateStrategy().
So attacker would increase the mintFee to very high value causing loss of user's fund.

Impact

Loss of exessive ETH of user due to frontrunning.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/editions/Edition.sol#L368
Tool used

Manual Review

Recommendation

setFeeStrategy() should not be changed during minting of tokens.