Petite Slate Orangutan
High
If the transaction is not yet mined, an attacker could monitor the mempool and detect the staking request. By submitting a competing transaction with a higher gas fee, the attacker could stake tokens before the legitimate transaction is processed https://github.com/sherlock-audit/2024-11-tally/blob/main/govstaking/src/extensions/GovernanceStakerOnBehalf.sol#L71-L99
Front-Running Attack Scenario: If the attacker has access to the signature data, they could reproduce the signature's contents and stake before the legitimate transaction executes.
Specifically, this line:
_revertIfSignatureIsNotValidNow(
_depositor,
_hashTypedDataV4(
keccak256(
abi.encode(
STAKE_TYPEHASH,
_amount,
_delegatee,
_claimer,
_depositor,
_useNonce(_depositor),
_deadline
)
)
),
_signature
);
allows the attacker to see the components of the signature (amount, delegatee, claimer, etc.) before the transaction is mined, enabling them to create their own front-running transaction. An attacker monitoring the network for incoming transactions can detect when a legitimate staking transaction is pending but has not yet been mined. This transaction will contain the signature, which provides the attacker with knowledge of the intended staking details. The attacker can then craft a competing transaction with the same parameters (amount, delegatee, claimer, etc.) but with higher gas fees. This allows the attacker to prioritize their transaction and execute it before the legitimate transaction, effectively "front-running" the original user's stake.
The attacker could steal the staking action if they submit the transaction first with a higher gas fee, using the same signature and parameters, but gaining the governance influence or rewards that were intended for the legitimate depositor. Governance manipulation: If the tokens staked are associated with governance voting, the attacker could skew voting outcomes. Reward accrual manipulation: By staking before the original transaction, the attacker may receive rewards meant for the legitimate user.
PoC Code Snippet
// Attacker's transaction that front-runs the legitimate staking request
function attackFrontRun(
address _stakingContract,
uint256 _amount,
address _delegatee,
address _claimer,
address _depositor,
uint256 _deadline,
bytes memory _signature
) external {
// The attacker submits the transaction to stake tokens before the legitimate depositor
GovernanceStakerOnBehalf(_stakingContract).stakeOnBehalf(
_amount,
_delegatee, // Attacker assigns themselves as delegatee
_claimer, // Attacker claims the rewards
_depositor, // Original depositor's address (victim)
_deadline, // Same deadline as the legitimate transaction
_signature // Signature from the victim (exploited in this PoC)
);
}
Manual Review
Mitigations to Consider Non-repudiation and Signature Management:
Time-Limited Approvals:
Delay Before Execution:
Transaction Ordering Protection: