🏦 Resource Bank of more front-running examples

This page is an open resource for collecting examples of front running found in bug bounties, audit reports or live attacks.

1) Slingshot finance code4rena audit report contains multiple front-run vulnerabilities

2) ElasticDAO code4rena audit report, where malicious actors can avoid a penalty: A DAO member may be able to predict when they will be penalized if they monitor the mempool for events related to the penalize function on the contract. This member can then avoid penalization by transferring their balance to another address and sending it back to the original account after the next block. Since the penalty transaction will revert if the amount is greater than the balance, an attacker could potentially front-run the penalty by calling the exit function with a minuscule amount of ETH. They could also exit the DAO completely. This loophole gives malicious actors a potential incentive to exploit the DAO.

3) [LOW] Front-running setFees() could avoid fees

4) [LOW] Mint can be front-run

5) [MED] Potential griefing with DoS by front-running vault creation with same vaultID

6) [MED] Vulnerable Pool initial rate

7) [MED] Trader orders can be front-run and users can be denied from trading

8) [HIGH] DOS by Frontrunning NoteERC20 initialize() Function

9) [MED] Rewards squatting - setting rewards in different ERC20 tokens opens various economic attacks.

10) [High] Unrestricted Front run in VestFor()

Any questions so far? Ask Omar Inuwa
