In preMarket contract, the abortBidTaker
function is designed to allow users to abort their bids and receive a refund of their deposit. However, a rounding issue in the getDepositAmount
function leads to incorrect calculations of the required deposit, causing the system to give 0 deposit amount for refund. This results in users losing their deposited funds when attempting to abort their bids.
The abortBidTaker
function is designed to allow users to abort their bids and receive a refund of their deposit.
The depositAmount
calculation in the abortBidTaker
function makes a rounding issue making the deposit amount to be 0.
Due to this rounding error, the system will not add any balance to the user's account and mark's the stock status as "finished,"leading to the user's inability to retrieve their deposited funds when calling abortBidTaker
.
Users are unable to recover their deposited funds due to the incorrect stock status triggered by the rounding issue.
This results in a direct loss of funds for users who attempt to abort their bids under these conditions.
The loss of users funds gets locked in the captialPool
contract and can't be retrieved.
Bob is taker and trades with the preMarket contract.
Bob deposits buys 500 point tokens from alice(maker).
Bob lists his offer and waits for takers to accept.
Alice aborts her ask offer.
Bob tries to abort his bid taker to get back his deposited collateral as the settlement type is Protected
.
Due to the rounding issue in the abortBidTaker
function, Bob's deposit amount is calculated as 0.
Bob's funds are locked in the contract, and he is unable to retrieve his deposited amount.
For testing the POC, run the following command:
Add the following code to the PreMarkets.t.sol
contract:
Manual Review
Fix the Rounding Issue: Modify the depositAmount
calculation to ensure that rounding errors are mitigated, possibly by using more precise calculations or by adjusting how deposits are calculated.
Valid medium, given the free nature of the markets, it may be possible that such an offer type where both low amount of points correspond to lower decimal and lower amount of collateral value, so I believe medium severity is appropriate.
Valid high severity, due to incorrect computation of `depositAmount` within `abortBidTaker`, when aborting bid offers created by takers, the collateral refund will be completely wrong for the taker, and depending on the difference between the value of `points` and `amount`, it can possibly even round down to zero, causing definite loss of funds. If not, if points were worth less than the collateral, this could instead be used to drain the CapitalPool contract instead.
The contest is live. Earn rewards by submitting a finding.
Submissions are being reviewed by the community.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.