Excessive trade tax allowance in offer creation
Summary
The createOffer function responsible for creating new offers in the trading system, contains a logical flaw in its validation of the eachTradeTax parameter. This flaw potentially allows for the creation of offers with exorbitant trade taxes.
Vulnerability Details
The function includes the following check:
if (params.eachTradeTax > Constants.EACH_TRADE_TAX_DECIMAL_SCALER) {
revert InvalidEachTradeTaxRate();
}
This validation is intended to ensure that the trade tax does not exceed 100%. However, it actually allows for a trade tax of up to 100% inclusive, rather than strictly less than 100%.
The comment in the function states:
@dev eachTradeTax must be less than 100%, decimal scaler is 10000
This indicates that the EACH_TRADE_TAX_DECIMAL_SCALER is set to 10000, representing 100%. The current check allows for a trade tax equal to this value, which translates to a 100% tax.
The comment clearly states that the trade tax "must be less than 100%", but the implemented check allows for it to be equal to 100%.
Impact
It could lead to scenarios where trades occur but traders receive no value, essentially functioning as a value sink rather than a fair exchange mechanism.
Tools Used
Manual review
Recommendations
Modify the trade tax validation to strictly enforce a "less than 100%" rule:
if (params.eachTradeTax >= Constants.EACH_TRADE_TAX_DECIMAL_SCALER) {
revert InvalidEachTradeTaxRate();
}
Lead Judging Commences
finding-PreMarkets-off-by-one-Trade-TAX-100%
Similar to issue #1323, Despite this off-by-one error of the intended check, the difference between 99% and 100% is minimal, so I believe whether or not 100% is allowed has minimal impact. Ultimately, takers should not be realistically creating offer with such tradeTax
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.