Boxy Rouge Eel
High
The initialize function in DebitaLendOffer-Implementation.sol is vulnerable to front-running attacks , it is publicly accessible without proper access control or parameter validation. An attacker can observe an initialization transaction in the mempool and submit their own transaction with manipulated parameters, such as assigning themselves ownership or providing malicious configurations. This allows unauthorized parties to gain control over the contract or disrupt its intended functionality.
No response
No response
No response
No response
Protocol Disruption: Malicious parameters, such as fake oracle addresses or invalid lending terms, can render the contract dysfunctional.
- Setup
- The initialize function is publicly accessible and has no restrictions on authorized callers.
- When the deployer tries to initialize the contract with valid parameters.
- Exploit
- A malicious actor observes the initialization transaction in the mempool.
- The attacker sends a transaction with higher gas to initialize the contract before the legitimate transaction is mined, using manipulated parameters: _owner: The attacker's address. _oracleID_Principle or _aggregatorContract: A malicious contract address. _apr, _maxLTVs, or other parameters: Arbitrary or harmful values.
- Outcome:
- The attacker’s transaction is mined first, resulting in the contract being initialized with malicious parameters.
- The legitimate initialization transaction fails due to the contract being already initialized.
Restrict the initialize function so only trusted entities (e.g., the factory contract) can call it.