Frontrunner stealing bounty

Open kingcocomango opened this issue 8 years ago • 2 comments

If both the bounty claim, and bounty approval are in the same block a frontrunner can steal the bounty funds.

Nov 17 '17 13:11 kingcocomango

Hmm... This is an interesting theoretical attack, but I wonder how practical it is. In that, the UI won't allow a user to enter an approval until the claim is in. And also an approval isn't going to approve a claim within 10s (3s) after casper.

Nov 17 '17 15:11 owocki

I agree its fairly unlikely (and impossible through the UI).

The contract also doesn't check the return value of transfers, which can return false on failure instead of throwing.

Nov 17 '17 22:11 kingcocomango