The createOffer function does not check minPoints. An attacker can therefore create thousands of spam offers with small point values such as 1 or 2 points, degrading the protocol for users.
In the below function
There is no check for minPoints when creating an offer, so attackers can spam the protocol by creating thousands of orders with small point values from one or many wallet addresses.
Attackers can spam the protocol with thousands of small orders carrying small amounts and points, making the protocol less attractive to end users who want to buy and sell tokens before TGE.
Manual Inspection
Add a check in the createOffer function for the minimum points the user must provide when creating an offer.
Before that, add a constant MIN_POINTS_TO_CREATE_OFFER in the constants library and set it to, for example, 1000 as the minPoints required to create an offer.
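A minimal sketch of the recommended check, added here as an illustration and not taken from the audited code base. Only createOffer and MIN_POINTS_TO_CREATE_OFFER come from the report; the contract name, the simplified createOffer signature, the Offer struct, the error and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. Only createOffer and
// MIN_POINTS_TO_CREATE_OFFER are names from the report; all else is assumed.
library Constants {
    // Example floor suggested in the report.
    uint256 internal constant MIN_POINTS_TO_CREATE_OFFER = 1000;
}

contract OfferBookSketch {
    // Hypothetical, simplified offer record.
    struct Offer {
        address maker;
        uint256 points;
        uint256 amount;
    }

    // Hypothetical error: reports the rejected value and the required floor.
    error PointsBelowMinimum(uint256 provided, uint256 minimum);

    event OfferCreated(uint256 indexed id, address indexed maker, uint256 points, uint256 amount);

    uint256 public nextOfferId;
    mapping(uint256 => Offer) public offers;

    function createOffer(uint256 points, uint256 amount) external returns (uint256 id) {
        // Reject dust offers before any state is written, so a spam attempt
        // reverts without leaving an entry in the offer book.
        if (points < Constants.MIN_POINTS_TO_CREATE_OFFER) {
            revert PointsBelowMinimum(points, Constants.MIN_POINTS_TO_CREATE_OFFER);
        }

        id = nextOfferId++;
        offers[id] = Offer({maker: msg.sender, points: points, amount: amount});
        emit OfferCreated(id, msg.sender, points, amount);
    }
}
```

The check constrains points only. An offer that meets the points floor with a negligible amount still passes, so the amount needs its own lower bound if it is also a spam vector.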