Submission Details
Severity:
tokenPerPoint less than 1 is not supported by protocol
Summary
There is a critical issue when tokenPerPoint is less than 1 and is represented as a fractional value. This is the most common scenario.
Vulnerability Details
tokenPerPointis uint256which doesn't have decimal values. Due to this, the protocol assumes that there will be more than 1token per point which is not a ideal scenario.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/SystemConfig.sol#L120-L140
function updateMarket(
string calldata _marketPlaceName,
address _tokenAddress,
uint256 _tokenPerPoint,
uint256 _tge,
uint256 _settlementPeriod
) external onlyOwner {
address marketPlace = GenerateAddress.generateMarketPlaceAddress(
_marketPlaceName
);
MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[
marketPlace
];
if (marketPlaceInfo.status != MarketPlaceStatus.Online) {
revert MarketPlaceNotOnline(marketPlaceInfo.status);
}
marketPlaceInfo.tokenAddress = _tokenAddress;
marketPlaceInfo.tokenPerPoint = _tokenPerPoint;
Impact
Protocol won't be able to suppor many tokens.
Tools Used
Manual
Recommendations
tokenPerPointshould be used with more decimals instead of 1.
Prize pool breakdown
Total prize
30,000 USDC
nSLOC
1,22924 USDC / LOC
25,000 USDC
2,750 USDC
2,250 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.