## Summary
The `abortAskOffer` function computes `remainingAmount` incorrectly for every offer that is not in the `Virgin` status (the `Canceled` case in particular): the non-`Virgin` branch returns the portion of the offer that has already been *used* rather than the portion that is still *unused*. Because `remainingAmount` feeds the refund credited to the offer authority, the refund does not reflect the unspent funds.
## Vulnerability Details
In the `abortAskOffer` function, `remainingAmount` is calculated as follows:
```solidity
if (offerInfo.offerStatus == OfferStatus.Virgin) {
    // nothing has been taken from a virgin offer, so everything remains
    remainingAmount = offerInfo.amount;
} else {
    // amount * usedPoints / points: this is the USED share, not the remainder
    remainingAmount = offerInfo.amount.mulDiv(
        offerInfo.usedPoints,
        offerInfo.points,
        Math.Rounding.Floor
    );
}
```
The `else` branch covers every non-`Virgin` status, including `Canceled`, and for all of them `amount * usedPoints / points` is the value of the points that have already been taken. The remaining amount should instead be the total minus that used share, so that used plus remaining equals the total. Rounding the used share *up* (`Math.Rounding.Ceil`) makes the subtracted remainder round down, so any dust from integer division stays with the protocol instead of being refunded on top of the funds backing filled points. The correct calculation is:
```solidity
remainingAmount = offerInfo.amount - offerInfo.amount.mulDiv(
    offerInfo.usedPoints,
    offerInfo.points,
    Math.Rounding.Ceil
);
```
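To make the discrepancy concrete, the following Python model reproduces the integer arithmetic of both the current and the recommended expressions. It is an added example written for this report, not code from the audited project: `mul_div` mimics OpenZeppelin's `Math.mulDiv` with `Rounding.Floor` / `Rounding.Ceil` on Python integers (the 512-bit intermediate and `uint256` overflow behaviour are out of scope), `OfferStatus` is a minimal stand-in with an assumed `Ongoing` member, and all inputs are constructed.

```python
"""Model of the abortAskOffer remainingAmount arithmetic.

Constructed example for this finding, not the project's code. mul_div mimics
OpenZeppelin Math.mulDiv (floor or ceiling of x*y/denominator) on unbounded
Python ints; uint256 overflow is not modelled.
"""

from enum import Enum


class OfferStatus(Enum):
    Virgin = 0
    Ongoing = 1   # assumed member name; only Virgin vs. non-Virgin matters here
    Canceled = 2


def mul_div(x: int, y: int, denominator: int, ceil: bool = False) -> int:
    """floor(x*y/denominator), or the ceiling when ceil=True."""
    if denominator == 0:
        raise ZeroDivisionError("points must be non-zero")
    q, r = divmod(x * y, denominator)
    return q + 1 if (ceil and r != 0) else q


def remaining_vulnerable(amount: int, used_points: int, points: int,
                         status: OfferStatus) -> int:
    """Current logic: the non-Virgin branch returns the USED share."""
    if status is OfferStatus.Virgin:
        return amount
    return mul_div(amount, used_points, points)          # Rounding.Floor


def remaining_fixed(amount: int, used_points: int, points: int,
                    status: OfferStatus) -> int:
    """Recommended logic: total minus the used share, with the used share
    rounded up so the refund never exceeds what is actually unspent."""
    if status is OfferStatus.Virgin:
        return amount
    used = mul_div(amount, used_points, points, ceil=True)  # Rounding.Ceil
    return amount - used


def compare(amount: int, used_points: int, points: int,
            status: OfferStatus = OfferStatus.Canceled) -> dict:
    """Side-by-side result plus the 'used + remaining == amount' invariant."""
    vuln = remaining_vulnerable(amount, used_points, points, status)
    fixed = remaining_fixed(amount, used_points, points, status)
    used_floor = mul_div(amount, used_points, points)
    used_ceil = mul_div(amount, used_points, points, ceil=True)
    return {
        "vulnerable": vuln,
        "fixed": fixed,
        "vulnerable_invariant_holds": vuln + used_floor == amount,
        "fixed_invariant_holds": fixed + used_ceil == amount,
    }


if __name__ == "__main__":
    # 1000 tokens backing 100 points, 30 points taken: refund should be 700.
    print(compare(1_000, 30, 100))
    # Rounding edge: 1000 tokens, 3 points, 1 taken (used share is 333.33..).
    print(compare(1_000, 1, 3))
    # Fully filled offer: nothing should remain, but the current code refunds all.
    print(compare(1_000, 100, 100))
```

The third case is the clearest illustration of the bug: with all points taken, the current expression evaluates to the full `amount`, so an aborted, fully filled offer would be refunded in its entirety.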
## Impact
Because the computed `remainingAmount` is the used share rather than the unused one, the refund credited to the offer authority is wrong whenever the offer is partially or fully filled. When fewer than half of the points have been used, the refund is smaller than the unspent amount and the authority receives less than it is entitled to; when more than half have been used, the refund exceeds the unspent amount and pays out funds that back already-filled points, with a fully filled offer being refunded in full. Either way the protocol's accounting no longer satisfies used plus remaining equals total, leading to financial losses on one side and undermining trust in the protocol.
## Tools Used
Manual code review and logic analysis.
## Recommendations
Update the calculation for the `remainingAmount` in the `abortAskOffer` function to correctly reflect the unused portion of the offer. The revised calculation should be:
```solidity
if (offerInfo.offerStatus == OfferStatus.Virgin) {
    remainingAmount = offerInfo.amount;
} else {
    // total minus the used share; Ceil on the used share rounds the refund down
    remainingAmount = offerInfo.amount - offerInfo.amount.mulDiv(
        offerInfo.usedPoints,
        offerInfo.points,
        Math.Rounding.Ceil
    );
}
```
## Severity
Considering the financial impact and the potential for incorrect refunds, this issue is of **medium** severity. It does not pose an immediate critical risk but can lead to financial inaccuracies and undermine user trust in the protocol if left unaddressed.