Incorrect collateral rate validation in createOffer()
Summary
The createOffer() function in the PreMarktes contract contains a bug in the validation of the collateral rate.
Vulnerability Details
According to the CreateOfferParams struct comment, the collateralRate parameter "must be greater than 100%" with a decimal scaling factor of 10000.
However, the actual implementation in the createOffer() function incorrectly validates this condition:
The current implementation only checks if the collateralRate is less than the COLLATERAL_RATE_DECIMAL_SCALER (which is 10000, representing 100%). This allows a collateralRate of exactly 100% to pass the check, contradicting the requirement stated in the struct comment that it must be greater than 100%.
Impact
This bug could lead to the creation of offers with insufficient collateral. It may result in undercollateralized positions, increasing the risk of insolvency and potentially leading to financial losses for users or the protocol itself.
Tools Used
Manual review
Recommendations
Modify the condition to strictly enforce a collateral rate greater than 100%:
if (params.collateralRate <= Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
}
Lead Judging Commences
finding-PreMarkets-off-by-one-Collateral-Rate-100%
I believe this is borderline informational/low. Despite this off-by-one error of the intended check, the difference between 100% and 101% is minimal, so I believe whether or not 100% is allowed has minimal impact. Ultimately, it still comes down to the risk level that users are willing to take
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.