semaphore icon indicating copy to clipboard operation
semaphore copied to clipboard
verified publisher icon semaphore-protocol

createGroup can be frontrun

Open 0xDatapunk opened this issue 1 year ago • 0 comments

A malicious actor can monitor calls of createGroup(groupId, admin) and frontrun it with createGroup(groupId, admin1). This prevents new group's creation. If we adopt an incremental groupId, once groupId increases by one each time createGroup is called, we can prevent this from happening

https://github.com/semaphore-protocol/semaphore/blob/8eb19e83fda62644872b2fcfbd85011d3b2c21e2/packages/contracts/contracts/Semaphore.sol#L27 https://github.com/semaphore-protocol/semaphore/blob/8eb19e83fda62644872b2fcfbd85011d3b2c21e2/packages/contracts/contracts/Semaphore.sol#L34

0xDatapunk avatar Mar 06 '24 14:03 0xDatapunk