Skip to content

Latest commit

 

History

History
87 lines (62 loc) · 2.93 KB

061.md

File metadata and controls

87 lines (62 loc) · 2.93 KB

Little Concrete Dachshund

Medium

Attackers may exploit predictable orderId generation to disrupt order placement for users

Summary

The use of block.timestamp in the generateOrderId() function will cause a predictable orderId for users as attackers can calculate the next orderId and place malicious orders to disrupt or front-run legitimate order placements.

Root Cause

In AutomationMaster.sol:92, the generateOrderId() function uses block.timestamp as the sole source of entropy for generating unique order identifiers. This approach is vulnerable to miner manipulation, as block timestamps can be slightly adjusted by miners within a ±15 second range.

Internal pre-conditions

  1. A user needs to interact with the generateOrderId function to receive a new orderId.
  2. The current block timestamp must be accessible to the attacker.

External pre-conditions

  1. Miners must be able to adjust the block.timestamp within a ±15 second range.

Attack Path

  1. The attacker calls generateOrderId() and observes the generated order ID.

  2. The attacker manipulates the block.timestamp by a few seconds and calls generateOrderId() again.

  3. The attacker can now predict future order IDs and potentially front-run legitimate orders.

Impact

The protocol suffers a loss of trust from users due to the predictable nature of order ID generation. The attacker does not gain any direct financial benefit, but can potentially exploit timing-sensitive order processing to their advantage.

PoC

No response

Mitigation

Implement one of the following strategies to enhance randomness and prevent timestamp manipulation:

Option 1: Enhanced Entropy

function generateOrderId(address sender) external view returns (uint96) {
    uint256 hashedValue = uint256(
        keccak256(
            abi.encodePacked(
                sender, 
                block.timestamp, 
                block.prevrandao,  // Additional entropy source
                address(this)      // Contract address for further randomness
            )
        )
    );
    return uint96(hashedValue);
}

Option 2: Nonce-based Approach

mapping(address => uint256) private _nonces;

function generateOrderId(address sender) external returns (uint96) {
    uint256 nonce = _nonces[sender]++;
    uint256 hashedValue = uint256(
        keccak256(
            abi.encodePacked(
                sender, 
                nonce, 
                block.timestamp,
                block.prevrandao
            )
        )
    );
    return uint96(hashedValue);
}

Alternative Recommendations:

  • Integrate a Verifiable Random Function (VRF)
  • Use external randomness oracles
  • Implement a commit-reveal scheme for order ID generation
  • Add additional entropy sources
  • Conduct thorough testing of the new randomness mechanism