Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SellMalt() is open to frontrunning #82

Closed
code423n4 opened this issue Nov 29, 2021 · 2 comments
Closed

SellMalt() is open to frontrunning #82

code423n4 opened this issue Nov 29, 2021 · 2 comments
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@code423n4
Copy link
Contributor

Handle

jayjonah8

Vulnerability details

Impact

The sellMalt() function in UniswapHandler.sol can be called by anyone and can also be frontrun because it just checks the rewards tokens in the contract and sends them to the msg.sender.

Proof of Concept

https://github.com/code-423n4/2021-11-malt/blob/main/src/contracts/DexHandlers/UniswapHandler.sol#L160

Tools Used

Manual code review
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Nov 29, 2021
code423n4 added a commit that referenced this issue Nov 29, 2021
@code423n4
jayjonah8 issue #82
9d93130
@0xScotch 0xScotch added the duplicate This issue or pull request already exists label Dec 10, 2021
@0xScotch
Copy link
Collaborator

0xScotch commented Dec 10, 2021
edited
Loading

#120

@GalloDaSballo
Copy link
Collaborator

Finding is not a duplicate of #120
This finding is saying that sell malt allows the caller to take all the reward tokens

However these tokens are the outcome of the swap and are sent to each caller each time.
I don't believe there can be any meaningful frontrun nor stealing of funds.
Obviously nobody should sent their malt and then call sellMalt the operation has to be done in a single tx, which the system as a whole already does

Marking as invalid

@GalloDaSballo GalloDaSballo added invalid This doesn't seem right and removed 3 (High Risk) Assets can be stolen/lost/compromised directly duplicate This issue or pull request already exists labels Jan 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@GalloDaSballo @0xScotch @code423n4