Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Invalid

Incorrect Collateral Rate Handling in getRefundAmount

Summary

The OfferLibraries contract contains utility functions for managing offers in a decentralized market system. Two key functions in this library are getDepositAmount and getRefundAmount, which are responsible for calculating deposit and refund amounts for different types of offers (bid and ask).

The getDepositAmount function correctly applies the collateral rate to ask offers when creating an offer, and to bid offers when creating an order. This behavior is crucial for maintaining the economic balance of the system.

Issue Description

In the getRefundAmount function, there is an inconsistency in how the collateral rate is applied compared to the getDepositAmount function. Specifically:

  1. For bid offers, the function does not apply the collateral rate at all.

  2. For ask offers, the function always applies the collateral rate.

This behavior is inconsistent with getDepositAmount and does not correctly mirror the deposit calculation when refunding.

Code

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/libraries/OfferLibraries.sol#L63

    function getRefundAmount(
        OfferType _offerType,
        uint256 _amount,
        uint256 _points,
        uint256 _usedPoints,
        uint256 _collateralRate
    ) internal pure returns (uint256) {
        uint256 usedAmount = Math.mulDiv(
            _amount,
            _usedPoints,
            _points,
            Math.Rounding.Ceil
        );
        if (_offerType == OfferType.Bid) {
            return _amount - usedAmount;
        }
        return
            Math.mulDiv(
                _amount - usedAmount,
                _collateralRate,
                Constants.COLLATERAL_RATE_DECIMAL_SCALER,
                Math.Rounding.Floor
            );
    }

Impact

This inconsistency could lead to incorrect refund calculations, potentially causing:

  1. Financial losses for users or the protocol

  2. Imbalance in the economic model of the market

  3. Potential exploitation through arbitrage opportunities

Fix

Modify the getRefundAmount function to apply the collateral rate consistently with getDepositAmount:

    function getRefundAmount(
        OfferType _offerType,
        uint256 _amount,
        uint256 _points,
        uint256 _usedPoints,
        uint256 _collateralRate
    ) internal pure returns (uint256) {
        uint256 usedAmount = Math.mulDiv(
            _amount,
            _usedPoints,
            _points,
            Math.Rounding.Ceil
        );
        uint256 refundAmount = _amount - usedAmount;
        if (_offerType == OfferType.Ask) {
            return Math.mulDiv(
                refundAmount,
                _collateralRate,
                Constants.COLLATERAL_RATE_DECIMAL_SCALER,
                Math.Rounding.Floor
            );
        }
        return refundAmount;
    }

This modification ensures that:

  1. For bid offers, the refund is calculated without applying the collateral rate.

  2. For ask offers, the refund is calculated with the collateral rate applied.

Updates

Lead Judging Commences

0xnevi Lead Judge
12 months ago
0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
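
A differential check of the two getRefundAmount listings above, added here as an example that is not part of the submission or of the Tadle code base: a Python model of both listings run over a constructed input grid, so a reader can check whether the proposed listing changes any refund value. The scaler value 10_000, the two-member OfferType enum and all sample inputs are assumptions.

```python
from enum import Enum
from itertools import product

SCALER = 10_000  # assumed value of Constants.COLLATERAL_RATE_DECIMAL_SCALER

class OfferType(Enum):  # assumption: the enum has exactly these two members
    ASK = 0
    BID = 1

def mul_div(x, y, d, ceil=False):
    """Model of Math.mulDiv: x * y / d, rounded down (Floor) or up (Ceil)."""
    q, r = divmod(x * y, d)
    return q + 1 if ceil and r else q

def unused_amount(amount, points, used_points):
    used = mul_div(amount, used_points, points, ceil=True)
    if used > amount:  # checked uint256 subtraction would revert in Solidity
        raise ArithmeticError("_amount - usedAmount underflows")
    return amount - used

def refund_reported(offer_type, amount, points, used_points, rate):
    """Listing under 'Code': early return for Bid, rate applied otherwise."""
    unused = unused_amount(amount, points, used_points)
    if offer_type is OfferType.BID:
        return unused
    return mul_div(unused, rate, SCALER)

def refund_proposed(offer_type, amount, points, used_points, rate):
    """Listing under 'Fix': rate applied for Ask, plain remainder otherwise."""
    refund = unused_amount(amount, points, used_points)
    if offer_type is OfferType.ASK:
        return mul_div(refund, rate, SCALER)
    return refund

def differences():
    """Inputs from a constructed grid on which the two listings disagree."""
    grid = product(OfferType, (1_000, 999_999), (7, 100), (0, 3, 7),
                   (10_000, 12_000, 15_000))
    return [args for args in grid
            if refund_reported(*args) != refund_proposed(*args)]

if __name__ == "__main__":
    for kind in OfferType:
        print(kind.name, refund_reported(kind, 1_000, 100, 25, 12_000),
              refund_proposed(kind, 1_000, 100, 25, 12_000))
    print("inputs where the listings differ:", differences())
```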
