Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Zero checks for duplicate marketId in `createPerpMarket` Function

akay

Summary

The createPerpMarket function in the GlobalConfigurationBranch contract lacks a check to prevent the creation of markets with duplicate IDs. This could lead to unintentional overwriting of existing markets.

Vulnerability Details

In the createPerpMarket function, a new market is created using the provided marketId. However, there is no verification to ensure that a market with the given marketId doesn't already exist.

PerpMarket.create(
PerpMarket.CreateParams({
marketId: params.marketId,
// ... other parameters ...
})
);
globalConfiguration.addMarket(params.marketId);

Without a check for existing markets, calling this function with an marketId that's already in use would overwrite the existing market data.

Impact

Overwriting of existing markets, resulting in loss of market data and configurations. Also, there could be a disruption of trading activities on the overwritten markets.

Tools Used

Manual code review

Recommendations

Implement a check to ensure the marketId is not already in use before creating a new market with the same ID.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!