Tadle
DeFi
30,000 USDC
Submission Details
Severity: low
Valid

Incorrect check for `collateralRate`

Summary

In the createOffer and listOffer functions of the PreMarkets contract, the check on the collateralRate parameter should revert when collateralRate is less than or equal to Constants.COLLATERAL_RATE_DECIMAL_SCALER. The current implementation reverts only when it is strictly less, so a collateralRate exactly equal to the scaler is accepted.

Vulnerability Details

The check in createOffer and listOffer rejects a collateralRate below Constants.COLLATERAL_RATE_DECIMAL_SCALER, so it guarantees the rate is at least the scaler, not more than it. A value exactly equal to the scaler (a 100% collateral rate) passes the check.

Impact

Allowing collateralRate to equal Constants.COLLATERAL_RATE_DECIMAL_SCALER means the collateral backing an offer can be set at the bare minimum, with no margin above it, so it may be insufficient to cover the risks associated with the offer and losses may not be fully covered. An offer creator can deliberately set collateralRate to exactly Constants.COLLATERAL_RATE_DECIMAL_SCALER to post offers with that minimal collateral, increasing the risk of default and the potential losses for the counterparties.
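To make the boundary concrete, here is an added example (written for this review, not Tadle's code) that places the reported check beside the recommended one and tabulates which rates each accepts and how much collateral sits above the offer value at each rate. It assumes COLLATERAL_RATE_DECIMAL_SCALER is 10_000 (basis points, so 10_000 is 100%) and a hypothetical collateral formula of amount * rate / scaler with integer rounding down; neither the constant's value nor the formula is stated on the page.

```python
# Added example, not Tadle's code. ASSUMPTION: the scaler is 10_000 (basis points),
# so 10_000 == 100%. The page does not state the real constant's value.
COLLATERAL_RATE_DECIMAL_SCALER = 10_000


class InvalidCollateralRate(Exception):
    """Stands in for the contract's InvalidCollateralRate() revert."""


def check_collateral_rate_current(collateral_rate: int) -> int:
    """The check as reported: reverts only when rate < scaler, so rate == scaler passes."""
    if collateral_rate < COLLATERAL_RATE_DECIMAL_SCALER:
        raise InvalidCollateralRate(collateral_rate)
    return collateral_rate


def check_collateral_rate_fixed(collateral_rate: int) -> int:
    """The recommended check: reverts when rate <= scaler, so only rates strictly above 100% pass."""
    if collateral_rate <= COLLATERAL_RATE_DECIMAL_SCALER:
        raise InvalidCollateralRate(collateral_rate)
    return collateral_rate


def required_collateral(notional: int, collateral_rate: int) -> int:
    """ASSUMPTION: collateral = notional * rate / scaler, rounded down like Solidity integer math."""
    return notional * collateral_rate // COLLATERAL_RATE_DECIMAL_SCALER


def _accepts(check, rate: int) -> bool:
    try:
        check(rate)
        return True
    except InvalidCollateralRate:
        return False


def boundary_table(notional: int, rates) -> list:
    """For each candidate rate, record whether each check accepts it and the collateral
    buffer above the notional. A buffer of 0 at an accepted rate is the reported problem."""
    rows = []
    for rate in rates:
        rows.append({
            "rate": rate,
            "current_accepts": _accepts(check_collateral_rate_current, rate),
            "fixed_accepts": _accepts(check_collateral_rate_fixed, rate),
            "buffer": required_collateral(notional, rate) - notional,
        })
    return rows


if __name__ == "__main__":
    # Constructed inputs straddling the boundary: 99.99%, exactly 100%, 100.01%, 101%.
    for row in boundary_table(1_000_000, [9_999, 10_000, 10_001, 10_100]):
        print(row)
```

The row for a rate of exactly 10_000 is the one that matters: the reported check accepts it while the buffer above the notional is zero, and the recommended check rejects it. Note the rounding-down caveat as well: for small notionals a rate only just above the scaler can still round to a zero buffer, which is why the judge's "100% versus 101%" framing, not the inequality alone, decides how much this matters.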

Tools Used

Manual Review

Recommendations

Update the check on collateralRate in both createOffer and listOffer so that it reverts unless the value is strictly greater than Constants.COLLATERAL_RATE_DECIMAL_SCALER.

- if (_collateralRate < Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
+ if (_collateralRate <= Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
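Review bot: the hunk shows a single call site, but the summary reports the same check in both createOffer and listOffer, so the `<` to `<=` change needs to land in both functions, and the two `if` blocks are quoted without their closing braces, so the snippet as shown is not an applyable patch. With the strict inequality a collateralRate of exactly Constants.COLLATERAL_RATE_DECIMAL_SCALER (100%) now reverts and the smallest accepted rate becomes the scaler plus one unit; confirm that floor is the intended minimum and adjust any tests that treat 100% as a valid rate.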

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-off-by-one-Collateral-Rate-100%

I believe this is borderline informational/low. Despite this off-by-one error of the intended check, the difference between 100% and 101% is minimal, so I believe whether or not 100% is allowed has minimal impact. Ultimately, it still comes down to the risk level that users are willing to take
