I've been reading AAVE document and saw that user can include a referral code inside deposit calldata, so that the referrer can receive some rewards(source: https://docs.aave.com/developers/v/1.0/integrating-aave/referral-program)
Just wondering if MEV bot capture this tx, can he replace the referral code with his own. code, and submit a new transaction with higher gas, thus front-running this original transaction.
Is this possible? If so, how can AAVE prevent this? thanks!
I don't think that'd make sense as the message sender (eg a MEV bot) would have to deposit their own asset.
Check the full deposit function:
function deposit(address asset, uint256 amount, address onBehalfOf, uint16 referralCode) address asset — contract address of the token you deposit (eg DAI contract address)uint256 amount — amount of the token in wei (eg 2000000000000000000 for 2 DAI)address onBehalfOf — address of who will get the token from the lendingb pool. Sent to message sender / caller if no address provideduint16 referralCode — the referral codeIf there's hypothetically a transaction sent by messageSenderA depositing assetDai with referralCodeX and it's in the mempool, a hypothetical MEV bot (messageSenderB) would spot the transaction in the mempool, construct it locally with the same params except the referralCode and send it with higher fee as messageSenderB depositing assetDai with referralCodeY. This would just mean a regular different transaction of a different account depositing the same amount of their own tokens (eg DAI) and getting in exchange other tokens from the lending pool with a different referral code. There's no real connection between the two transactions and no real way to extract value from this.
