The `abortBidTaker` function contains a vulnerability where the deposit amount is incorrectly calculated when aborting a bid: the calculation used during the abort does not match the one used when users initially deposit funds.
The deposit amount for the taker is calculated from the points rate at the time of the initial deposit, as follows:
When a taker aborts a bid, however, the deposit amount is calculated incorrectly: instead of using the points rate, it multiplies by points.
As a result, users may receive less or more than the correct amount, leading to potential losses for either the protocol or its users.
Manual
Calculate the deposit amount during the abort with the same method used at the initial deposit.
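The following is an added example, not code from the finding or from the audited protocol. It models the mismatch described above with constructed arithmetic (the assumed `RATE_PRECISION`, the specific formulas and all sample values are placeholders, not the protocol's own) to show the property a reviewer should check: what `abortBidTaker` refunds must equal what the taker locked at deposit time. The flawed path is modelled as a ratio that never consults the points rate, which reproduces both the under-refund that can floor to zero and the over-refund that would drain the pool; the hardened path simply reuses the deposit formula.

```python
# Constructed model of the deposit/abort mismatch described in the finding.
# All arithmetic and constants below are assumptions for illustration,
# not the protocol's actual code.

RATE_PRECISION = 10_000  # assumption: points rate expressed in basis points


def deposit_amount(points: int, points_rate: int) -> int:
    """Collateral locked when a taker deposits, derived from the points rate
    (assumed formula mirroring the deposit path described in the finding)."""
    return points * points_rate // RATE_PRECISION


def abort_refund_buggy(points: int, offer_points: int, offer_amount: int) -> int:
    """Assumed stand-in for the flawed abort path: scales by a points ratio and
    never consults the points rate, so it is not the inverse of deposit_amount.
    Integer division means it can floor to zero when offer_amount dominates."""
    return points * offer_points // offer_amount


def abort_refund_fixed(points: int, points_rate: int) -> int:
    """Hardened abort path: reuse the deposit formula so the refund equals the
    locked collateral by construction."""
    return deposit_amount(points, points_rate)


def refund_mismatches(cases):
    """Property check over constructed cases: compare the collateral locked at
    deposit with the refund under both abort paths. Returns a list of
    (case, locked, buggy_refund, fixed_refund) for every case where the buggy
    refund differs from the locked amount."""
    out = []
    for c in cases:
        locked = deposit_amount(c["points"], c["points_rate"])
        buggy = abort_refund_buggy(c["points"], c["offer_points"], c["offer_amount"])
        fixed = abort_refund_fixed(c["points"], c["points_rate"])
        # The invariant the fix must satisfy: refund on abort == collateral locked.
        assert fixed == locked, "fixed path must return exactly what was locked"
        if buggy != locked:
            out.append((c, locked, buggy, fixed))
    return out


# Constructed sample inputs (not values from the protocol).
SAMPLE_CASES = [
    # offer_amount large relative to points: refund collapses far below locked
    {"points": 1_000, "points_rate": 5_000, "offer_points": 1_000, "offer_amount": 500_000},
    # even smaller position: integer division floors the refund to zero
    {"points": 10, "points_rate": 5_000, "offer_points": 10, "offer_amount": 1_000_000},
    # offer_amount small relative to points: refund far exceeds locked (pool drain)
    {"points": 100, "points_rate": 5_000, "offer_points": 10_000, "offer_amount": 50},
]

if __name__ == "__main__":
    for case, locked, buggy, fixed in refund_mismatches(SAMPLE_CASES):
        direction = "under-refunds (taker loss)" if buggy < locked else "over-refunds (pool drain)"
        print(f"{case}: locked={locked} buggy_refund={buggy} fixed_refund={fixed} -> {direction}")
```

In a real codebase the same check belongs in the test suite as an invariant over the actual `createTaker`/`abortBidTaker` implementations: for arbitrary offer parameters, the amount returned on abort must equal the amount locked on deposit, which is exactly what a single shared deposit-amount helper guarantees.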
Valid high severity. Due to the incorrect computation of `depositAmount` within `abortBidTaker` when aborting bid offers created by takers, the collateral refund will be completely wrong for the taker, and depending on the difference between the values of `points` and `amount`, it can possibly even round down to zero, causing a definite loss of funds. If not, and points were worth less than the collateral, this could instead be used to drain the CapitalPool contract.