Contract

The contract below will act as an intermediary that can provide a digital asset for a certain price

The price is recorded in the storage variable uint256 price

The price can be changed by the owner of the contract by calling the setPrice(uint256 _price) function

pragma solidity ^0.4.18;



contract TransactionOrdering {

uint256 price;

address owner;



event Purchase(address _buyer, uint256 _price);

event PriceChange(address _owner, uint256 _price);



modifier ownerOnly() {

require(msg.sender == owner);

_;

}



function TransactionOrdering() {

// constructor

owner = msg.sender;

price = 100;

}



function buy() returns (uint256) {

Purchase(msg.sender, price);

return price;

}



function setPrice(uint256 _price) ownerOnly() {

price = _price;

PriceChange(owner, price);

}

}

Contract is deployed at: 0xfd3673a4fd729ee501cbacd4aac97741e287d318

Attack Scenario:

The buyer of the digital asset will call the buy() function, to set a purchase at the price specified in the storage variable, with a starting price=100.

2. The contract owner will call setPrice() and update the price storage variable to price=150.

3. The contract owner will send the transaction with a higher gas fee.

4. The contract owner’s transaction will be mined first, updating the state of the contract due to the higher gas fee.

4. The buyers transaction gets mined soon after, but now the buy() function will be using the new updated price=150.