When abortAskOffer is called, the protocol attempts to refund the remaining unspent capital in the offer, but the calculation is inverted. This shortchanges honest makers and lets attackers drain the protocol.
Calls to abortAskOffer are expected to schedule a refund of any remaining unspent capital the offer still has a claim to. The amount to refund is derived from the offer's remainingAmount, since part of the offer may already have been taken by a prospective counterparty:
For an entirely unspent (Virgin) order, the entire claim to the offerInfo's amount is eligible to be claimed by the owner.
For non-Virgin orders, however, the remainingAmount is expected to be reduced by the amount of underlying collateral that has already been sold. The proportion of the offer that has been spent is inferred from usedPoints, which increases up to a maximum of offerInfo.points (at which point the offer is fully spent and no claim to the underlying collateral remains).
The implementation of the refund for non-Virgin orders is incorrect, because remainingAmount is calculated as follows:
The more underlying collateral has been sold (the higher usedPoints), the larger the refund of the seller's initial collateral.
Conversely, unfortunate sellers who have sold only a tiny fraction of their underlying collateral (and deserve to have the lion's share of their underlying refunded) receive only a tiny fraction back.
Consider the hypothetical case where usedPoints is 0 (i.e. nothing has been spent; this is hypothetical because a non-Virgin order is by definition at least partially spent). Here the remainingAmount to refund evaluates to zero, when in fact the owner deserves the entirety of their initial deposit.
Alternatively, consider an offer that is 99% spent, where 99% of the underlying capital has already been sold on. The calculation asserts that the caller deserves a 99% refund of the underlying capital, effectively allowing the owner of a marginally unspent offer to liquidate it and be refunded for collateral they have already sold.
Honest non-Virgin offers lose the refund they are due. Meanwhile a malicious user can drain the protocol by partially selling almost the entirety of their offer's underlying collateral, maximizing the ratio of usedPoints to points, and then calling abortAskOffer to claim a refund.
The malicious user is refunded nearly the entirety of their initial collateral on top of the proceeds of the sale, effectively doubling their initial deposit.
This can be repeated until protocol insolvency.
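To make the inversion concrete, the following is an added model of the refund arithmetic described above; it is not the project's contract code. It assumes the buggy refund is proportional to usedPoints and the corrected one to the unused points (points - usedPoints), integer division in the protocol's favour, and that a seller receives sale proceeds equal to the fraction of amount sold (1:1 pricing is an assumption made only to show the drain). The function and parameter names are hypothetical.

```python
from typing import Callable

# Hypothetical model of an ask offer: `amount` is the deposited collateral,
# `points` the total points on offer and `used_points` the points already
# taken by counterparties (0 <= used_points <= points).
Calc = Callable[[int, int, int], int]


def buggy_remaining_amount(amount: int, points: int, used_points: int) -> int:
    """Refund proportional to the points already SOLD (the reported bug)."""
    return amount * used_points // points


def fixed_remaining_amount(amount: int, points: int, used_points: int) -> int:
    """Refund proportional to the points still UNUSED (the inverted formula)."""
    return amount * (points - used_points) // points


def refund_on_abort(amount: int, points: int, used_points: int,
                    is_virgin: bool, calc: Calc) -> int:
    """Model of abortAskOffer's refund: a Virgin offer gets everything back,
    a non-Virgin offer gets whatever `calc` says is remaining."""
    if not 0 <= used_points <= points:
        raise ValueError("used_points must lie in [0, points]")
    if is_virgin:
        return amount
    return calc(amount, points, used_points)


def total_extracted(amount: int, points: int, used_points: int, calc: Calc) -> int:
    """What a maker walks away with: proceeds from selling used_points/points of
    the offer (assumed 1:1) plus the abort refund. With the buggy formula this
    exceeds the original deposit for any used_points > points / 2."""
    proceeds = amount * used_points // points   # assumption: 1:1 pricing
    refund = refund_on_abort(amount, points, used_points, False, calc)
    return proceeds + refund


if __name__ == "__main__":
    amount, points = 1000, 100
    for used in (0, 1, 50, 99, 100):
        print(f"used={used:3d}  buggy refund={buggy_remaining_amount(amount, points, used):4d}"
              f"  fixed refund={fixed_remaining_amount(amount, points, used):4d}"
              f"  buggy total={total_extracted(amount, points, used, buggy_remaining_amount):4d}"
              f"  fixed total={total_extracted(amount, points, used, fixed_remaining_amount):4d}")
```

Running the script shows the two extremes from the text: with used=1 the honest seller gets back only 1% under the buggy formula, and with used=99 the attacker's proceeds plus refund come to 1980 against a 1000 deposit. Under the fixed formula every row's total is exactly the deposit.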
Manual Review
Invert the calculation so that the refund is proportional to the unused points (points minus usedPoints) rather than to usedPoints:
Valid high, for cancelled offers, the unused collateral should be returned back to the maker. The `remainingAmount` is calculated wrongly with regards to usedPoints instead of unused points. Note: See comments under 826 and 907 for invalidation reasons