User may be front-run when trying to deploy MIMOProxy
#148
Labels
bug: Something isn't working
disagree with severity: Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
old-submission-method
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxyRegistry.sol#L49-L51
Vulnerability details
Impact
In the MIMOProxyRegistry.deployFor() function, anyone can call it to deploy for other users. If the proxy already exists, it reverts instead of returning the existing one. An attacker can front-run users when they try to deploy a proxy, making the users' transactions revert. Users still get their proxy, but the transaction shows as reverted in the UI, block explorer, etc., which affects user experience.
Proof of Concept
Consider the scenario:
1. Alice calls MIMOProxyRegistry.deploy() to deploy her own MIMOProxy.
2. An attacker calls MIMOProxyRegistry.deployFor(address(Alice)) and deploys the proxy for Alice.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider returning the proxy address in MIMOProxyRegistry.deployFor() if it already exists.
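The reverting behaviour described above next to the recommended idempotent form, as an added example that is not part of the original report and is not the project's code. ExampleProxy, ExampleProxyRegistry, deployForReverting and ProxyAlreadyExists are hypothetical names, and the proxy is reduced to an owner field.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Simplified stand-in for a proxy (assumption: not the project's MIMOProxy).
contract ExampleProxy {
    address public owner;

    constructor(address owner_) {
        owner = owner_;
    }
}

// Hypothetical registry modelling the two behaviours discussed in the report.
contract ExampleProxyRegistry {
    error ProxyAlreadyExists(address owner);

    mapping(address => ExampleProxy) private _currentProxies;

    // Reported behaviour: reverts when a proxy for `owner` already exists.
    // Because anyone may call this for any owner, a call that lands first
    // makes the owner's own deployment transaction revert.
    function deployForReverting(address owner) public returns (ExampleProxy proxy) {
        if (address(_currentProxies[owner]) != address(0)) {
            revert ProxyAlreadyExists(owner);
        }
        proxy = new ExampleProxy(owner);
        _currentProxies[owner] = proxy;
    }

    // Recommended behaviour: idempotent. If a proxy already exists for
    // `owner`, return it; the owner's transaction succeeds either way.
    function deployFor(address owner) public returns (ExampleProxy proxy) {
        proxy = _currentProxies[owner];
        if (address(proxy) != address(0)) {
            return proxy;
        }
        proxy = new ExampleProxy(owner);
        _currentProxies[owner] = proxy;
    }

    // Self-service entry point; inherits the idempotent behaviour.
    function deploy() external returns (ExampleProxy) {
        return deployFor(msg.sender);
    }
}
```

With the idempotent form, a caller that needs to know whether a new proxy was created has to compare state before and after the call, since a revert no longer signals a duplicate.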