Platform: Code4rena
Start Date: 02/08/2022
Pot Size: $50,000 USDC
Total HM: 12
Participants: 69
Period: 5 days
Judge: gzeon
Total Solo HM: 5
Id: 150
League: ETH
Rank: 58/69
Findings: 1
Award: $67.51
π Selected for report: 0
π Solo Findings: 0
π Selected for report: IllIllI
Also found by: 0x1f8b, 0xDjango, 0xNazgul, 0xc0ffEE, 8olidity, Bnke0x0, Chom, CodingNameKiki, Deivitto, Dravee, Funen, JC, JohnSmith, NoamYakov, ReyAdmirado, Rohan16, Rolezn, Sm4rty, SooYa, TomFrenchBlockchain, TomJ, Waze, __141345__, ajtra, ak1, aysha, bin2chen, bobirichman, brgltd, bulej93, c3phas, delfin454000, durianSausage, erictee, fatherOfBlocks, gogo, horsefacts, hyh, ladboy233, mics, natzuu, nxrblsrpr, oyc_109, rbserver, samruna, sikorico, simon135, tofunmi, wagmi
67.5073 USDC - $67.51
In MIMOProxyRegistry.deployFor() function, anyone can call to deploy for other users. And if the proxy already exists, it will revert instead of returning the existing one.
if (address(currentProxy) != address(0) && currentProxy.owner() == owner) { revert CustomErrors.PROXY_ALREADY_EXISTS(owner); }
Attacker can front-run users when users try to deploy proxy, make the transaction of users revert. Users still get their proxy but it shows transaction reverted on UI, block explorer,... and affect user experience.
Consider the scenario
MIMOProxyRegistry.deploy() to deploy her own MIMOProxy.MIMOProxyRegistry.deployFor(address(Alice)) and deploy the proxy for Alice.Manual Review
Consider to return the proxy address if it already exists in MIMOProxyRegistry.deployFor()
if (address(currentProxy) != address(0) && currentProxy.owner() == owner) { return currentProxy; }
#0 - horsefacts
2022-08-08T23:06:10Z
Agree with the narrow finding here, defer on the severity.
#1 - RayXpub
2022-08-10T11:34:38Z
This is more of a UI problem as mentioned, there is no risk of loss for the user and no incentive for an attacker to do so, thus we consider that this issue should be downgraded to QA