WhoAmI?
may be auditor

Security blog

Add new post Feed

Auditors space

Dapp Security list Audit Challenges Team formation

Dapps and protocols

Pre-audit plan Audit Profile

Dev Tools

Dev tools Testing tools

Protocol Marketing

Marketing tips

Misc

Support Log In

AuditProfile, Copywright 2025

info@auditprofile.xyz

Privacy Policy

AuditProfile

Block: 24

Author: Immunefi

AuditProfile

Security blog

Deposit with permit

#mempool

#signature

Hint

This is a very common situation with user signatures and mempool...

Answer

This is a perfect example of the frontrun attack with the theft of a user's personal signature. We all remember that all transactions go into the mempool, from where they are added to the blockchain by validators, right? So, a hacker can steal your transaction signature from the mempool, create his own transaction and make a deposit to himself on behalf of your account.

CTF

Capture the Ether The Ethernaut Damn Vulnerable DeFi CryptoZombies Speedrun Ethereum CipherShastra Mr Steal Yo Crypto Cryptohack DeFi Hack Ether Hack CTF protocol CTF Blockchain Challenges

Awesome Books

Uniswap V2 Book

by RareSkills
Uniswap V3 Book

by Jeiwan
Compound Book

by RareSkills
ZK Book

by RareSkills
Ethereum Book

by Andreas M. Antonopoulos, Gavin Wood
Beigepaper

by Micah Dameron

Useful tools

EVM diff

Compare execution layer differences between chains
EVM storage

Dive deep into the storage of any contract

Регистрация прошла успешно! Спасибо за внимание!

loader