Market makers receive a portion of the protocol fee for each order filled, and the protocol fee is based on the transaction gas price. Therefore market makers are able to specify a higher gas price for a reduced overall transaction rate, using the refund they will receive upon disbursement of protocol fee pools.
Short term, properly document this issue to make sure users are aware of this risk. Establish a reasonable cap for the protocolFeeMultiplier to mitigate this issue. Long term, consider using an alternative fee that does not depend on the tx.gasprice to avoid reducing the cost of performing front-running attacks.
- ToB Audit Ox Protocol Finding 2
- Timing
- Medium Severity
- Market Makers
- Subsidized Front-running
- Document/Cap Fee
- No tx.gasprice -> Fee
- Youtube Reference
- Medium Risk severity finding from ToB’s Audit of 0x Protocol