
Comments (11)

Evert0x avatar Evert0x commented on September 2, 2024 2

I don't think this is a valid issue.

It's the responsibility of the end user to acquire LOOKS at a good price. If the price of LOOKS would exponentially increase the minute before someone needs them, the person is paying the price for their urgent need to acquire LOOKS.

renders the periphery contract useless

The periphery contract is functioning exactly like it's supposed to, as it reflects the market price.

from 2023-10-looksrare-judging.

Oot2k avatar Oot2k commented on September 2, 2024 1

Escalate

I think this issue describes the impact of the price manipulation issue differently and thereby should be a valid medium.

The attack idea here is to make the heal swap revert by price manipulation to prevent healing and kill agents.

The difference here to other DeFi apps is that making a transaction revert can cause financial damage.
Think of the following case:
User1 has 100 wounded agents; the next round would be the last to heal them before they die.
User1 now waits until right before the next round starts and calls heal.
Attacker manipulates the price.
User1's heal reverts, the next round gets called and his agents die.

This attack is quite expensive, but the economic damage can be quite high, hence medium severity.


sherlock-admin2 avatar sherlock-admin2 commented on September 2, 2024

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.


nevillehuang avatar nevillehuang commented on September 2, 2024

Hi @Oot2k, thanks for the detailed escalation. Considering the following, I think this is a low/non-issue.

  • Given the objective to prevent healing is to win the grand prize (which is not guaranteed), the cost of executing such a price manipulation is not incentivised.

  • The recommendation, allowing users to heal directly using LOOKS, is already possible via Infiltration.heal(). Users can always execute a swap via Uniswap themselves, where slippage can be applied, or simply buy LOOKS off secondary exchanges. This way, heal will never revert due to price manipulation.

I think it is best if you can provide a scenario where the cost of attack for manipulating this specific pool to block healing is possibly more profitable for the attacker than if he does not; then this finding could be reinstated.

Though I think @0xhiroshi @nasri136 should take a look, happy to hear your thoughts.


0xhiroshi avatar 0xhiroshi commented on September 2, 2024

Are we talking about trying to manipulate the price of LOOKS using one's own capital over 2 transactions in the same block?
Can another bot come in to dump LOOKS to the inflated WETH/LOOKS pool before the attacker finishes the attack, after the heal reverts?


nevillehuang avatar nevillehuang commented on September 2, 2024

@Oot2k could you shed some more specific details on how the price manipulation could be performed?


Oot2k avatar Oot2k commented on September 2, 2024

@nevillehuang I agree with your second point raised. The user can indeed call the function on the contract itself without using the periphery contract.
I disagree with your first point; Sherlock rules state that even if an attack is expensive / non-profitable it still counts as medium.
I also believe that even if the user can avoid this, this issue renders the periphery contract useless.

@0xhiroshi
The attack would involve manipulating the price like you said, for example swapping a lot of WETH for LOOKS, which would increase the price of LOOKS and make the transaction revert. Afterwards the attacker can swap LOOKS back to WETH.
He would use some form of MEV bot to avoid frontrunning.

In the end this is just a basic sandwich attack like all the other reports mention.

Here we just focused on the fact that the damage does not directly come from the price difference, but from the fact that a reverting transaction will cause financial damage by user losing his tokens (not healing).

The likelihood of this happening in real life depends mainly on the size of the prize pool. If we assume that the prize pool is 425 ETH (like the docs state), and current LOOKS volume does not increase significantly, this attack can become profitable if players with a large stake in the game start attacking each other.

To summarize why I think this should be a medium:

  • can be profitable if the token price is high / there are a lot of participants in the game
  • renders the periphery contract useless

I don't think much can be done about this issue -> mainly encourage users not to use the swap when stakes are high.


jpopxfile avatar jpopxfile commented on September 2, 2024

  1. Users can swap using another aggregator or router and then heal directly.
  2. Even if it fails, the user can still heal anytime before the roundstart is called.


nevillehuang avatar nevillehuang commented on September 2, 2024

Hi @Oot2k, considering the following I am on the fence about validating this issue as medium severity, but am leaning towards agreeing with you.

So I will state my points here and leave it up to @nasri136 @Evert0x for the final decision:

  1. No fix can resolve this issue, unless the protocol chooses to remove the contract completely. Even if you implement slippage, price manipulation will still cause heal() to revert.

  2. On the other hand, somebody with sufficient funds can indeed potentially cause a permanent DoS of the InfiltrationPeriphery.heal() function, assuming their "front-running bot" is capable enough to front-run all healing and they have sufficient capital to do so.

  3. Like the sponsor mentioned, the workaround is to obtain LOOKS yourself and perform the swap manually, in which case healing will never revert due to price manipulation.

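The mechanics argued over in Oot2k's and nevillehuang's comments above (a price move before the heal lands makes the periphery swap revert regardless of the slippage allowance, while healing from LOOKS already held cannot revert for that reason), modeled here as an added example. This is not code from the thread or from the LooksRare contracts: the pool numbers, the heal cost in LOOKS, `periphery_heal` and `direct_heal` are all constructed stand-ins for a constant-product pool and the two healing paths.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constructed constant-product WETH/LOOKS pool (x * y = k) with a 0.3% swap fee."""
    weth: float
    looks: float
    fee: float = 0.003

    def quote_weth_for_looks(self, looks_out: float) -> float:
        """Exact-output quote: WETH that must be paid right now to receive looks_out LOOKS."""
        if looks_out >= self.looks:
            raise ValueError("insufficient liquidity")
        return self.weth * looks_out / (self.looks - looks_out) / (1 - self.fee)

    def swap_weth_in(self, weth_in: float) -> float:
        """Sell weth_in WETH for LOOKS; returns LOOKS received. Raises the LOOKS price."""
        net = weth_in * (1 - self.fee)
        out = self.looks * net / (self.weth + net)
        self.weth, self.looks = self.weth + weth_in, self.looks - out
        return out


def periphery_heal(pool: Pool, looks_needed: float, max_weth: float) -> float:
    """Hypothetical periphery path: buy exactly the LOOKS the heal needs, then heal.
    Reverts (raises) when the live quote exceeds the WETH budget signed into the tx."""
    cost = pool.quote_weth_for_looks(looks_needed)
    if cost > max_weth:
        raise RuntimeError(f"swap reverts: {cost:.4f} WETH needed, budget {max_weth:.4f}")
    pool.swap_weth_in(cost)
    return cost


def direct_heal(looks_balance: float, looks_needed: float) -> float:
    """Hypothetical direct path: pay from LOOKS already held, no pool interaction at all."""
    if looks_balance < looks_needed:
        raise RuntimeError("not enough LOOKS")
    return looks_balance - looks_needed


def scenario(slippage: float, front_run_weth: float) -> dict:
    """Quote the heal, allow `slippage` on top, then move the price with a swap of
    front_run_weth before the heal lands. Reports whether the periphery path reverts."""
    pool = Pool(weth=100.0, looks=1_000_000.0)  # constructed pool state
    looks_needed = 10_000.0                      # constructed heal cost in LOOKS
    budget = pool.quote_weth_for_looks(looks_needed) * (1 + slippage)
    pool.swap_weth_in(front_run_weth)            # 0.0 means nobody moved the price
    cost_after = pool.quote_weth_for_looks(looks_needed)
    try:
        periphery_heal(pool, looks_needed, budget)
        reverted = False
    except RuntimeError:
        reverted = True
    return {"budget": budget, "cost_after": cost_after, "reverted": reverted}
```

With no price move the periphery path completes within a 5% allowance; a 50 WETH swap into this pool pushes the exact-output quote past any realistic allowance and the same transaction reverts, whereas `direct_heal` only ever checks a balance.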

Czar102 avatar Czar102 commented on September 2, 2024

Result:
Invalid
Duplicate of #89

Agree with Evert here, the details of the market price should not be considered here. Using a periphery contract to automatically acquire the LOOKS token is the responsibility of the user and is out of scope.


sherlock-admin2 avatar sherlock-admin2 commented on September 2, 2024

Escalations have been resolved successfully!

Escalation status:

