DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

No input Validation on marketId might result in removing unintended market

Summary

GlobalConfigurationBranch.sol::updatePerpMarketStatus() is used to enable/disable a market status. Since there is no input validation on marketId that is passed into the function, it might result in disabling an incorrect market.

Vulnerability Details

updatePerpMarketStatus makes a call to removeMarket(). This function removes a market from enabled marketIds set:

```solidity
function removeMarket(Data storage self, uint128 marketId) internal {
    bool removed = self.enabledMarketsIds.remove(uint256(marketId));
    if (!removed) {
        revert Errors.PerpMarketAlreadyDisabled(marketId);
    }
}
```

The issue here is that there is no validation on marketId in either function. It is entirely possible that the owner unintentionally (e.g. through a typo) provides an incorrect marketId to updatePerpMarketStatus(), which will disable a valid but unintended market.

Impact

Removing a valid but unintended market might halt trading activities on that market, leading to potential financial losses for traders and LP providers. It could also disrupt the overall market dynamics.

likelihood: low

impact: high, so I would say it is a medium

Tools Used

None

Recommendations

Implement validation checks within the contract to ensure that the "marketId" passed to the function is valid and exists within a predefined range or list of market IDs.
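One way such an existence check could look, as an added sketch that is not code from the audited project: the contract, the `exists` and `enabled` mappings, `createMarket`, the `bool enable` parameter, the event, and the `Unauthorized`, `MarketDoesNotExist` and `PerpMarketAlreadyEnabled` errors are all assumptions made for illustration. A check of this kind rejects an ID that was never created with its own error, but it cannot tell the intended enabled market from a different enabled one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only. Apart from PerpMarketAlreadyDisabled and
/// updatePerpMarketStatus, every name here is hypothetical.
contract MarketStatusSketch {
    error Unauthorized();                               // hypothetical
    error MarketDoesNotExist(uint128 marketId);         // hypothetical
    error PerpMarketAlreadyEnabled(uint128 marketId);   // hypothetical
    error PerpMarketAlreadyDisabled(uint128 marketId);  // name taken from the page

    // Hypothetical event so off-chain monitoring can see every status change.
    event PerpMarketStatusUpdated(uint128 indexed marketId, bool enable);

    address public immutable owner;
    mapping(uint128 => bool) public exists;   // set once when a market is created
    mapping(uint128 => bool) public enabled;  // stand-in for the enabledMarketsIds set

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    function createMarket(uint128 marketId) external onlyOwner {
        exists[marketId] = true;
        enabled[marketId] = true;
    }

    function updatePerpMarketStatus(uint128 marketId, bool enable) external onlyOwner {
        // Existence check: an ID that was never created fails with a distinct
        // error instead of being reported as "already disabled".
        if (!exists[marketId]) revert MarketDoesNotExist(marketId);

        // State check: the call must actually change the market's status.
        if (enable && enabled[marketId]) revert PerpMarketAlreadyEnabled(marketId);
        if (!enable && !enabled[marketId]) revert PerpMarketAlreadyDisabled(marketId);

        enabled[marketId] = enable;
        emit PerpMarketStatusUpdated(marketId, enable);
    }
}
```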

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
