search

sherlock-audit / 2024-08-flayer-judging

0 stars 0 forks source link

Cuddly Ocean Gibbon - Frontrun of execute can lead the DOS of voting #749

Open sherlock-admin4 opened 4 days ago

sherlock-admin4 commented 4 days ago

Cuddly Ocean Gibbon

Medium

Frontrun of execute can lead the DOS of voting

Summary

An attacker can prevent a fair vote from completing in CollectionShutdown by frontrunning execute.

Vulnerability Detail

Since anyone can call cancel() in CollectionShutdown.sol it is possible to frontrun execution of execute() function, which allows an attacker to prevent a fair vote from being completed.

https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/utils/CollectionShutdown.sol#L390-L405

Attack scenario:

  1. Collection holders vote,
  2. The number of votes reaches quorumVotes and canExecute becomes true,
  3. Owner calls execute,
  4. The attacker front-runs the Owner's transaction with their own, in which they call cancel,
  5. The fair vote is cancelled, it needs to be started again, the attacker can do this as many times as they want since the attack doesn't require significant resources.

Impact

DoS of voting, users have to withdraw their votes and vote again, which in turn causes gas expenses

Tool used

Manual Review

Recommendation

To avoid these risks, in our opinion, one of the following solutions can be used:

  1. Remove the ability for anyone to cancel the voting, delegate such rights either only to the Owner or, at the very least, to a collection holder, which will reduce the risks of such attack scenarios, but this only increases the cost of the attack, as the attacker would need to be a collection holder
  2. To completely eliminate such risks - it is necessary to remove the cancel function as this is generally a strange solution, considering that one person can decide for all collection holders.