Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

Incorrect collateral rate validation allows unintended values

Summary

The collateralRate parameter validation in the PreMarkets contract is incorrectly implemented. Although the impact is low, this oversight could cause confusion or unintended behavior if not corrected.

Vulnerability Details

In the PreMarkets.sol contract, the createOffer and listOffer functions check whether the collateralRate is less than the minimum allowable value, Constants.COLLATERAL_RATE_DECIMAL_SCALER (100%), and revert if it is.

However, the validation logic does not reject a collateralRate that is exactly equal to the minimum, even though the @dev comment specifies: "@param collateralRate the collateral rate of offer must be greater than 100%." A value equal to the scaler should therefore also cause a revert.

if (params.collateralRate < Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
    revert InvalidCollateralRate();
}

Impact

The current validation allows a collateralRate equal to the minimum threshold, which the protocol does not intend. This could result in unintended behavior where offers are accepted with a collateralRate that should have been rejected.
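The boundary described above, as an added Foundry test that is not part of the submission or the Tadle code base: a minimal stand-in contract carries both the reported check and the recommended one, and the tests pin down the single value on which they differ. The scaler value (10_000 for 100%) and the stand-in contract are assumptions; only the constant name and the error name come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";

// Assumed stand-in for Tadle's Constants library: 100% is represented as 10_000.
library Constants {
    uint256 internal constant COLLATERAL_RATE_DECIMAL_SCALER = 10_000;
}

error InvalidCollateralRate();

// Hypothetical minimal contract isolating the PreMarkets collateralRate check.
contract CollateralRateCheck {
    uint256 public accepted; // counts offers that passed validation

    // Check as reported: only values strictly below 100% are rejected.
    function validateCurrent(uint256 collateralRate) external {
        if (collateralRate < Constants.COLLATERAL_RATE_DECIMAL_SCALER) revert InvalidCollateralRate();
        accepted++;
    }

    // Recommended check: exactly 100% is rejected too, matching the @dev comment.
    function validateFixed(uint256 collateralRate) external {
        if (collateralRate <= Constants.COLLATERAL_RATE_DECIMAL_SCALER) revert InvalidCollateralRate();
        accepted++;
    }
}

contract CollateralRateBoundaryTest is Test {
    uint256 constant SCALER = Constants.COLLATERAL_RATE_DECIMAL_SCALER;
    CollateralRateCheck c;

    function setUp() public { c = new CollateralRateCheck(); }

    // The off-by-one: exactly 100% slips through the current check.
    function test_currentCheckAcceptsExactly100Percent() public {
        c.validateCurrent(SCALER);
        assertEq(c.accepted(), 1);
    }

    // With the recommended check, exactly 100% reverts.
    function test_fixedCheckRejectsExactly100Percent() public {
        vm.expectRevert(InvalidCollateralRate.selector);
        c.validateFixed(SCALER);
        assertEq(c.accepted(), 0);
    }

    // Both variants agree on every other value: below 100% reverts, above 100% passes.
    function test_variantsAgreeOffTheBoundary() public {
        vm.expectRevert(InvalidCollateralRate.selector);
        c.validateCurrent(SCALER - 1);
        vm.expectRevert(InvalidCollateralRate.selector);
        c.validateFixed(SCALER - 1);
        c.validateCurrent(SCALER + 1);
        c.validateFixed(SCALER + 1);
        assertEq(c.accepted(), 2);
    }
}
```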

Tools Used

Imagination

Recommendations

To align the contract's behavior with the intended logic, the validation should be updated so that only collateralRate values strictly greater than the minimum are accepted:

+ if (params.collateralRate <= Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
}
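Review bot: the hunk shows only the added `<=` line; the matching `-` line removing the existing `<` check is missing, so applied literally it leaves both conditions in place (redundant rather than wrong, but the original line should be marked for removal). The same one-character change is needed in both createOffer and listOffer, since the report names both functions as carrying the check.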

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-off-by-one-Collateral-Rate-100%

I believe this is borderline informational/low. Despite this off-by-one error of the intended check, the difference between 100% and 101% is minimal, so I believe whether or not 100% is allowed has minimal impact. Ultimately, it still comes down to the risk level that users are willing to take.
