Cheesy Clay Dinosaur
Medium
In Manager.sol, inside executeOrder(), the order state (isSpent = true;) is updated only after the order has been executed, which allows:
Front-running: attackers can monitor the mempool, submit the same executeOrder() call with a higher gas fee, and get their transaction mined first.
- A valid pending order exists for a market.
- An attacker monitors the mempool for executeOrder() calls.
- The contract does not enforce immediate invalidation (isSpent is set after execution).
- Ethereum mempool must be publicly accessible, allowing attackers to see pending executeOrder() transactions.
- MEV bots or attackers must have faster gas-adjusting strategies to submit transactions with higher gas.
- The user submits a valid order execution:
    executeOrder(ETHMarket, Alice, 123);
- The attacker detects the pending transaction in the mempool.
- The attacker submits an identical transaction with a higher gas fee:
    executeOrder(ETHMarket, Alice, 123); // Attacker front-runs this order
- The attacker's transaction is mined first, executing Alice's order under their control.
- Alice's original transaction is mined later and fails because order.isSpent is already true.
Users suffer losses due to manipulated execution prices, and MEV bots or other malicious actors gain an unfair advantage over legitimate users. Some examples of impact:
- A stop-loss order is front-run, and the attacker buys at a lower price before it executes.
- The user’s stop-loss gets triggered at a worse price, and the attacker sells at a profit.
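The following contract is an added illustration written for this report; it is not the audited Manager.sol and its order layout (market => owner => orderId), the placeOrder() helper, and the fill(address,uint256) settlement call are assumptions. It shows the ordering the finding describes (external execution first, isSpent written last) next to a checks-effects-interactions ordering in which isSpent is written before any external call, so a second call for the same order, whether re-entrant or landing later in the block, reverts before doing any work.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's Manager.sol. Minimal order store whose only
// purpose is to contrast where executeOrder() writes isSpent.
contract OrderManagerExample {
    struct Order {
        address owner;
        uint256 amount;
        bool isSpent;
    }

    // market => owner => orderId => Order (shape assumed from executeOrder(ETHMarket, Alice, 123))
    mapping(address => mapping(address => mapping(uint256 => Order))) public orders;

    event OrderExecuted(address indexed market, address indexed owner, uint256 indexed orderId, address executor);

    // Helper so the example is self-contained; not part of the audited code.
    function placeOrder(address market, uint256 orderId, uint256 amount) external {
        Order storage o = orders[market][msg.sender][orderId];
        require(o.owner == address(0), "order exists");
        orders[market][msg.sender][orderId] = Order({owner: msg.sender, amount: amount, isSpent: false});
    }

    // Ordering described in the finding: the interaction runs first and the
    // state update comes last, so the order is still "unspent" while the
    // external call is in flight.
    function executeOrderVulnerable(address market, address owner, uint256 orderId) external {
        Order storage o = orders[market][owner][orderId];
        require(o.owner != address(0), "unknown order");
        require(!o.isSpent, "order spent");

        _execute(market, o);       // interaction
        o.isSpent = true;          // effect written after execution

        emit OrderExecuted(market, owner, orderId, msg.sender);
    }

    // Checks-effects-interactions ordering: isSpent is written before any
    // external call, so any second execution of the same order reverts on
    // the require() above before touching the market.
    function executeOrder(address market, address owner, uint256 orderId) external {
        Order storage o = orders[market][owner][orderId];
        require(o.owner != address(0), "unknown order");
        require(!o.isSpent, "order spent");

        o.isSpent = true;          // effect first
        _execute(market, o);       // interaction last

        emit OrderExecuted(market, owner, orderId, msg.sender);
    }

    // Placeholder settlement call; the real market interface is assumed here.
    function _execute(address market, Order storage o) internal {
        (bool ok, ) = market.call(abi.encodeWithSignature("fill(address,uint256)", o.owner, o.amount));
        require(ok, "fill failed");
    }
}
```

Moving the isSpent write ahead of the settlement call is the narrow fix for the ordering the root cause names; it does not by itself decide who may call executeOrder() for a given owner, which is a separate access-control question the finding leaves open.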