AUDITA'S VULNERABILITY HIGHLIGHTS
Front Running Attack Upon Fee Change
Part 6: Front Running attack upon fee change
Imagine a scenario in which the fee value of a DEX, or of a specific pool, is hardcoded to 0 in the constructor.
Somewhere down the line, this fee amount might need to be changed. This happens by calling the set function after deployment to configure the fees.
However, in such a case, an attacker can front-run the set call and invoke deposit before it executes, without paying the appropriate fee.
How to fix and prevent this attack?
➡️ Allow for fees to be defined in the constructor.
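The pattern described above next to the recommended fix, as an added example that is not Audita's code or code from any audited project. The contract names, `setFee`, `feeBps`, `collectedFees` and the 1,000 basis-point cap are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: all contract, function and variable names are hypothetical.

// BEFORE: the fee is hardcoded to 0 and configured by a later transaction.
contract PoolFeeSetAfterDeploy {
    address public immutable owner;
    uint256 public feeBps; // stays 0 until setFee() is executed
    uint256 public collectedFees;
    mapping(address => uint256) public balanceOf;

    constructor() {
        owner = msg.sender;
        feeBps = 0;
    }

    // Any deposit ordered ahead of this call is still charged the old fee (0).
    function setFee(uint256 newFeeBps) external {
        require(msg.sender == owner, "not owner");
        require(newFeeBps <= 1_000, "fee too high"); // assumed sanity cap
        feeBps = newFeeBps;
    }

    function deposit() external payable {
        uint256 fee = (msg.value * feeBps) / 10_000;
        collectedFees += fee;
        balanceOf[msg.sender] += msg.value - fee;
    }
}

// AFTER: the fee is defined in the constructor, so there is no window in
// which a deposit can execute against an unconfigured (zero) fee.
contract PoolFeeInConstructor {
    uint256 public immutable feeBps;
    uint256 public collectedFees;
    mapping(address => uint256) public balanceOf;

    constructor(uint256 initialFeeBps) {
        require(initialFeeBps <= 1_000, "fee too high"); // assumed sanity cap
        feeBps = initialFeeBps;
    }

    function deposit() external payable {
        uint256 fee = (msg.value * feeBps) / 10_000;
        collectedFees += fee;
        balanceOf[msg.sender] += msg.value - fee;
    }
}
```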
Follow and ReX @AuditaSecurity on X and LinkedIn for safety tips, hack alerts and all things Web3.
Stay safu!
Audita's Team