Front-Running Attack

Overview of Vulnerability

Front-running occurs when an attacker observes a pending transaction in the mempool and submits their own transaction with higher gas fees to gain execution priority. This behavior disrupts the fair operation of protocols, allowing attackers to exploit liquidity matching or trading opportunities.

Potential Scenarios of Vulnerability

In Evoq’s peer-to-peer (P2P) matching system, suppliers enter a waiting queue to be matched with borrowers. A front-runner could detect an incoming borrow transaction, submit their own supply transaction in the same block with higher priority, and exploit the matching process. This would prevent legitimate suppliers in the queue from being matched, reducing efficiency and fairness within the system by taking advantage of the priority queue matching mechanism.

Evoq’s Preventive Measures

To counteract front-running risks, Evoq ensures that supply or borrow operations are added to the matching queue starting from the block following their execution. This mechanism prevents attackers from exploiting the priority queue matching system to intentionally bypass waiting times and unfairly intercept borrow requests. By implementing this delay, Evoq ensures that the matching process remains fair and prevents attackers from gaining an unfair advantage over legitimate users.

By implementing these measures, Evoq enhances the security and fairness of its platform, offering a reliable and trustworthy system for its users.