DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Wrong startingShortWithinOracleRange may cause order book collision

Summary

Vulnerability Details

//@dev: force hint to be within 1% of oraclePrice
bool startingShortWithinOracleRange = shortPrice
    <= oraclePrice.mul(1.01 ether)
    && s.shorts[asset][prevId].price >= oraclePrice;

startingShortWithinOracleRange is intended to represent whether shortPrice is within 1% of oraclePrice. However, multiplying oraclePrice by 1.01 ether is incorrect and can lead to a state where startingShortWithinOracleRange is always true.

shortPrice (18 decimals) <= oraclePrice (18 decimals).mul(1.01 ether) (18 decimals) ==> this will always be true
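The check a reviewer would run on this claim, as an added example that is not code from the DittoETH submission or codebase: the report does not show what the project's `mul` helper does with two 18-decimal operands, so this models the bound under both plain uint256 multiplication and WAD-scaled multiplication (a * b / 1e18), which is the assumption behind the second variant. The sample prices are constructed.

```python
# Model of `shortPrice <= oraclePrice.mul(1.01 ether)` for 18-decimal fixed-point prices.
# Both `mul` semantics below are assumptions of this example; the page does not define `mul`.
WAD = 10**18              # 18-decimal fixed-point unit; 1 ether == 1e18 wei
UINT256_MAX = 2**256 - 1
ONE_POINT_ZERO_ONE_ETHER = 101 * 10**16   # 1.01 ether == 1.01e18


def mul_raw(a: int, b: int) -> int:
    """Plain uint256 multiplication (Solidity >= 0.8 reverts on overflow)."""
    r = a * b
    if r > UINT256_MAX:
        raise OverflowError("uint256 overflow")
    return r


def mul_wad(a: int, b: int) -> int:
    """WAD multiplication: a * b / 1e18, the usual semantics of an 18-decimal `mul` helper."""
    return mul_raw(a, b) // WAD


def within_one_percent(short_price: int, oracle_price: int, mul) -> bool:
    """Mirror of the first half of startingShortWithinOracleRange with a pluggable mul."""
    return short_price <= mul(oracle_price, ONE_POINT_ZERO_ONE_ETHER)


def compare(short_price: int, oracle_price: int) -> dict:
    """Evaluate the bound under both interpretations so the difference is visible."""
    return {
        "raw": within_one_percent(short_price, oracle_price, mul_raw),
        "wad": within_one_percent(short_price, oracle_price, mul_wad),
    }


def bound_ratio(oracle_price: int, mul) -> int:
    """How many times larger than oraclePrice the upper bound is (1 means ~1%)."""
    return mul(oracle_price, ONE_POINT_ZERO_ONE_ETHER) // oracle_price


if __name__ == "__main__":
    oracle = 1 * WAD                       # constructed: oracle price 1.0
    for short in (1_005 * 10**15, 102 * 10**16, 10**30):   # 1.005, 1.02, 1e12
        print(short, compare(short, oracle))
    print("raw bound ratio:", bound_ratio(oracle, mul_raw))
    print("wad bound ratio:", bound_ratio(oracle, mul_wad))
```

Under plain multiplication the bound is about 1e18 times the oracle price, so the comparison is always true as the report describes; under WAD multiplication it is the intended 1% band, so confirming which semantics the project's `mul` implements decides whether the finding holds.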

if (startingShortWithinOracleRange || isExactStartingShort) {
    //@dev only consider the x% above oraclePrice if there are prev Shorts with price >= oraclePrice
    s.asset[asset].startingShortId = shortHintId;
    return;
} else if (allShortUnderOraclePrice) {
    s.asset[asset].startingShortId = Constants.HEAD;
    return;
}

startingShortId will therefore always equal shortHintId, which may lead to mismanagement of the order book.

) {
    //@dev if match and match price is gt .5% to saved oracle in either direction, update startingShortId
    LibOrders.updateOracleAndStartingShortViaThreshold(
        asset, b.oraclePrice, incomingBid, shortHintArray
    );
    b.shortHintId = b.shortId = Asset.startingShortId;
    return bidMatchAlgo(asset, incomingBid, orderHintArray, b);
}

This can result in order book collisions inside the bidMatchAlgo() function, causing inaccurate pricing and potential losses for users.

Impact

Order book collision and potential loss of funds.

Tools Used

Manual Review

Recommendations

Multiply oraclePrice by 1.01.

Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other