Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
Description
Brief/Intro
The token allowance signature is required when users want to stake to TimeBasedCollateralPool. However when user initiates the stake tx, anyone can front-run the signature and call `modifyCollateralizableTokenAllowanceWithSignature` function in CollateralVault.sol to let user's nonce increase. And the user's stake tx will revert becauser of invalid signature.
Vulnerability Details
``` function modifyCollateralizableTokenAllowanceWithSignature( address _accountAddress, address _collateralizableContractAddress, address _tokenAddress, int256 _allowanceAdjustment, bytes calldata _signature // @audit-issue signature can be front-run ) external { if (_allowanceAdjustment > 0 && !collateralizableContracts[_collateralizableContractAddress]) { revert ContractNotApprovedByProtocol(_collateralizableContractAddress); }
``` The parameter of `modifyCollateralizableTokenAllowanceWithSignature` function is inputted directly. Anyone which knows signature information can call this function to consume signature. The contracts are depolyed to mainnet. If user initiates a stake tx publicly, the tx message is open to anyone. Attacker can front-run stake tx to let user's stake tx revert.
Impact Details
User's token allowance signature is useless if anyone front-runs the signature message.
import {Test} from "forge-std/Test.sol"; import {CollateralVault} from "../contracts/CollateralVault.sol"; import {TimeBasedCollateralPool} from "../contracts/TimeBasedCollateralPool.sol"; import {ICollateral} from "../contracts/interfaces/ICollateral.sol";
import {mockERC20} from "./mocks/mockERC20.sol";
contract SignatureFrontrun is Test { error InvalidSignature(address account);
