AUDITA'S VULNERABILITY HIGHLIGHTS
Part 6: Front Running attack upon fee change
Imagine a scenario in which the fee value of a DEX, or a specific pool is hardcoded to 0 in the constructor.
Somewhere down the line, this fee amount might need to be changed. This happens by calling the set function after deployment to configure the fees.
However, in such a case, an attacker can front-run the set call and invoke deposit before that — without paying the appropriate fee.
How to fix and prevent this attack?
➡️ Allow for fees to be defined in the constructor.
Follow and ReX @AuditaSecurity on X and LinkedIn for safety tips, hack alerts and all things Web3.
Stay safu!
Audita's Team