If proposal submission and sponsorship are done in 2 different transactions, it’s possible to front-run the sponsorProposal function by any member.
The incentive to do that is to be able to block the proposal afterwards.
Pull pattern for token transfers will solve the issue. Front-running will still be possible but it doesn’t affect anything.
- ConsenSys Audit The Lao Finding 5.7
- Timing & DoS
- Major Severity
- Front-running
- Proposal Block
- Pull over Push
- Youtube Reference
- Major severity finding from Consensys Diligence Audit of The Lao