Hi, when investigating the contracts of NAOS, I really appreciate your great work in designing this protocol.
However, I have an issue regarding the forceTransmute function in the Transmuter contract.
function forceTransmute(address toTransmute) public runPhasedDistribution updateAccount(msg.sender) updateAccount(toTransmute) checkIfNewUser {
I can see that there is no access control on this forceTransmute function, and anyone can call it to obtain profits as tokensInBucket, which can be later withdrawn and claimed.
I understand that the purpose here is to incentivize blockchain users to transmute some address which has over-filled and keep the protocol running smoothly.
However, suppose a normal/honest NAOS user makes the effort to identify an over-filled address and calls forceTransmute, trying to contribute to the NAOS community, making the protocol healthy, and hoping to get some additional rewards back.
But his/her transaction can be front-run by those front-running bots on the blockchain, taking away the rewards.
This would be a bad experience for honest users of NAOS.
Do you think this forceTransmute function will expose an MEV opportunity on the blockchain?
Referenced code: NAOS-Formation/contracts/Transmuter.sol, line 254 in db3373b