PreMarkets.sol allows users to create offers with an invalid number of points—specifically, more points than are available in the marketplace. This oversight could lead to market imbalances and potential exploitation, affecting the integrity of the platform.
Inside PreMarkets.sol, createOffer currently checks whether the number of points or the offer amount is zero, but it fails to ensure that the number of points specified by the user is within the limits of what's available in the marketplace.
In the current implementation, there’s no validation to ensure that params.points does not exceed the total points available in the selected marketplace. This gap in validation could be exploited by a malicious user to create offers with more points than are available, potentially leading to various market manipulation scenarios.
Example
Imagine a scenario where a marketplace has 10,000 points available. A user could create an offer claiming 20,000 points, which don’t actually exist. This would create a situation where other users might engage in trades based on these non-existent points, leading to significant financial discrepancies and possible losses.
The vulnerability allows users to create offers with more points than are available, leading to potential market manipulation and financial losses for other users.
Imagination
Add a validation step that ensures the number of points specified in the offer does not exceed the total available points in the marketplace.
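One way the recommended check could look, as an added example that is not the project's PreMarkets.sol code. The contract is a simplified model: the `totalPoints` and `offeredPoints` fields, the `marketPlace` and `amount` parameter names, the setter, the event and the error names are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Simplified model for illustration only; NOT the project's PreMarkets.sol.
contract PreMarketsPointsCapExample {
    struct MarketPlace {
        uint256 totalPoints;   // hypothetical: points available in this marketplace
        uint256 offeredPoints; // hypothetical: points already committed to offers
    }

    struct CreateOfferParams {
        address marketPlace;   // hypothetical name for the selected marketplace
        uint256 points;
        uint256 amount;
    }

    error ZeroValue();
    error PointsExceedAvailable(uint256 requested, uint256 available);
    event OfferCreated(address indexed maker, address indexed marketPlace, uint256 points);

    mapping(address => MarketPlace) public marketPlaces;

    // Example setup helper. Unrestricted only to keep the model short;
    // a real contract would gate this behind its own access control.
    function setMarketPlace(address marketPlace, uint256 totalPoints) external {
        MarketPlace storage mp = marketPlaces[marketPlace];
        require(totalPoints >= mp.offeredPoints, "cap below committed points");
        mp.totalPoints = totalPoints;
    }

    function createOffer(CreateOfferParams calldata params) external {
        // Check the report says already exists: reject zero points or amount.
        if (params.points == 0 || params.amount == 0) revert ZeroValue();

        MarketPlace storage mp = marketPlaces[params.marketPlace];

        // Added validation: requested points must fit in what is still available.
        // The subtraction cannot underflow because offeredPoints <= totalPoints
        // is maintained by this function and by setMarketPlace.
        uint256 available = mp.totalPoints - mp.offeredPoints;
        if (params.points > available) {
            revert PointsExceedAvailable(params.points, available);
        }

        mp.offeredPoints += params.points;
        emit OfferCreated(msg.sender, params.marketPlace, params.points);
    }
}
```

With a marketplace configured for 10,000 points, the 20,000-point offer from the scenario above reverts with `PointsExceedAvailable(20000, 10000)`.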