There is a gap between the creation of a transaction and the moment it is accepted in the blockchain. Therefore, an attacker can take advantage of this gap to put a contract in a state that advantages them.
-
Bob creates
RaceCondition(100, token). Alice trustsRaceConditionwith all its tokens. Alice callsbuy(150)Bob sees the transaction, and callschangePrice(300). The transaction of Bob is mined before the one of Alice and as a result, Bob received 300 tokens. -
The ERC20 standard's
approveandtransferFromfunctions are vulnerable to a race condition. Suppose Alice has approved Bob to spend 100 tokens on her behalf. She then decides to only approve him for 50 tokens and sends a secondapprovetransaction. However, Bob sees that he's about to be downgraded and quickly submits atransferFromfor the original 100 tokens he was approved for. If this transaction gets mined before Alice's secondapprove, Bob will be able to spend 150 of Alice's tokens.
- For the ERC20 bug, insist that Alice only be able to
approveBob when he is approved for 0 tokens. - Keep in mind that all transactions may be front-run
- Race condition outlined in the first bullet point above