DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Potential Yield Reward Loss for Highest Bid Order

caventa

Summary

Potential Yield Reward Loss for Highest Bid Order.

Vulnerability Details

The creationTime timestamp for the highest bid order is prematurely reset during the execution of the LibOrders#_updateOracleAndStartingShort function. This function calls LibOracle#setPriceAndTime:

function setPriceAndTime(address asset, uint256 oraclePrice, uint32 oracleTime)

internal

{

AppStorage storage s = appStorage();

s.bids[asset][Constants.HEAD].ercAmount = uint80(oraclePrice);

s.bids[asset][Constants.HEAD].creationTime = oracleTime;

}

This modifies the creationTime of the order, which is essential for determining how much reward in ditto tokens the order creator is entitled to. The reward calculation is done in the LibOrders#increaseSharesOnMatch function:

function increaseSharesOnMatch(

address asset,

STypes.Order memory order,

MTypes.Match memory matchTotal,

uint88 eth

) internal {

AppStorage storage s = appStorage();

uint32 timeTillMatch = getOffsetTime() - order.creationTime;

if (timeTillMatch > Constants.MIN_DURATION) { // MIN DURATION = 14 days

uint88 shares = eth * (timeTillMatch / 1 days);

matchTotal.dittoMatchedShares += shares;

uint256 vault = s.asset[asset].vault;

s.vaultUser[vault][order.addr].dittoMatchedShares += shares;

}

Here, the timeTillMatch determines how much reward the user receives, and it's based on the difference between the current time and the order's creationTime. If an order has been active for more than 14 days, it earns a specific reward.

However, since LibOrders#_updateOracleAndStartingShort resets the creationTime before the reward is calculated, the user might not receive the correct amount of reward for their active duration.

Impact

The individual who created the highest bid order might not receive the correct amount of Ditto token yield reward due to them.

Tools Used

Manual

Recommendations

Invoke LibOrders#increaseSharesOnMatch before executing setPriceAndTime to ensure accurate yield reward calculations.

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.