Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Maker can set a high `eachTradeTax`, leading to high fees for the user that can be more than 100%.

Summary

Makers can create offers with an excessively high eachTradeTax, leading to substantial financial losses for takers.

Vulnerability Details

When a maker creates an offer using the PreMarkets:createOffer function, they have the option to set up either a turbo or protected offer. In a turbo offer, takers can buy without depositing collateral, but when they later sell their points, the eachTradeTax is paid to the initial maker. In a protected offer, takers must deposit collateral; when they eventually sell their points as a maker, the eachTradeTax is paid to them.

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L112

Makers have the ability to set the eachTradeTax anywhere from 0% to 100%, meaning takers could be required to pay up to 100% of their transaction amount as tax to the maker. This opens the door for makers to set an unreasonably high tax rate, resulting in severe financial losses for takers.

Additionally, the platform's user interface does not prominently warn takers about the eachTradeTax when they purchase points. This lack of transparency is particularly dangerous in turbo mode, where takers may unknowingly incur significant losses due to the high tax on every trade. If there are few offer creators, this situation could lead to a monopoly, allowing those makers to set exorbitantly high eachTradeTax rates, further exacerbating the financial harm to users.

While the protocol claims that they take a fee of at most 5%, the users may have to pay a very high amount to buy points.

Impact

  • Malicious makers could exploit this vulnerability by setting a high eachTradeTax to maximize their profits at the expense of takers.

  • In scenarios with few offer creators, these creators could collude or individually set high tax rates, creating a monopoly. This would further disadvantage takers, who may have no choice but to engage with these offers due to a lack of alternatives.

  • The lack of transparency regarding the eachTradeTax in the platform's interface could lead to user dissatisfaction and a loss of trust. Users may feel deceived if they are not adequately informed about the potential financial risks before engaging in trades.

Tools Used

Manual

Recommendations

Set a max limit on the eachTradeTax and document it on your website.

Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

finding-PreMarkets-tradeTax-over-100%

A maximum tradeTax could be valuable to ensure makers do not abuse the tradeTax mechanism as a form of maker bonus. However, ultimately, it would still be the user's responsibility to take up offers with a reasonable tradeTax. In addition, a maximum is already included in the Constants contract, represented by EACH_TRADE_TAX_MAXINUM, as seen here: https://github.com/Cyfrin/2024-08-tadle/blob/72c93f73a26ec7472868cb509e8b454286810223/src/libraries/Constants.sol#L20
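
The two controls discussed in the submission and in the judge's comment, as an added example that is not part of the submission, the judge's reply or Tadle's code: a protocol-side cap enforced when the offer is created, and a taker-supplied limit checked when the tax is computed. The contract, function, error and constant names and both numeric values are hypothetical assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Illustrative sketch only: every name and value here is an assumption,
/// not taken from the Tadle code base.
contract TradeTaxGuard {
    // Assumed basis-point scale: 10_000 represents 100%.
    uint256 internal constant TAX_SCALER = 10_000;
    // Assumed protocol-wide cap on the maker-chosen rate (20%).
    uint256 internal constant MAX_TRADE_TAX = 2_000;

    error TradeTaxAboveCap(uint256 requested, uint256 cap);
    error TradeTaxAboveTakerLimit(uint256 offered, uint256 takerLimit);

    // offerId => maker-chosen tax rate in basis points
    mapping(uint256 => uint256) public offerTradeTax;
    uint256 public nextOfferId;

    /// Maker side: a rate above the cap never reaches storage, so no
    /// taker can later be charged more than MAX_TRADE_TAX.
    function createOffer(uint256 eachTradeTax) external returns (uint256 offerId) {
        if (eachTradeTax > MAX_TRADE_TAX) {
            revert TradeTaxAboveCap(eachTradeTax, MAX_TRADE_TAX);
        }
        offerId = nextOfferId++;
        offerTradeTax[offerId] = eachTradeTax;
    }

    /// Taker side: the taker states the highest rate they accept, so a
    /// front end that does not display the rate cannot cause a surprise.
    function quoteTax(uint256 offerId, uint256 amount, uint256 maxAcceptedTax)
        external
        view
        returns (uint256 tax)
    {
        uint256 rate = offerTradeTax[offerId];
        if (rate > maxAcceptedTax) {
            revert TradeTaxAboveTakerLimit(rate, maxAcceptedTax);
        }
        // Multiply before dividing to avoid truncating small amounts to zero.
        tax = (amount * rate) / TAX_SCALER;
    }
}
```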
