Tadle
DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

Offers can be created using collateralRate == 10_000, conflicting with the inline code documentation

Summary

The code comments in the interface definition of IPreMarket.sol#CreateOfferParams state that collateralRate MUST BE GREATER THAN 10_000; however, the code only ensures that it is not less than 10_000, leaving room for the erroneous creation of offers at the exact rate of 10_000 (100%). This will affect future integrations and development, because developers relying on the documented invariant will be working from a wrong assumption.

Vulnerability Details

Here are the code blocks that help visualize and understand the issue:

`IPreMarket.sol`

/**
* @title //snip
* @notice //snip
* @param //snip
* @param //snip
* @param //snip
* @param collateralRate the collateral rate of offer. must be greater than 100%. decimal is 10000.
* @param //snip
* @param //snip
* @param //snip
*/
struct CreateOfferParams {
address marketPlace;
address tokenAddress;
uint256 points;
uint256 amount;
uint256 collateralRate;
uint256 eachTradeTax;
OfferType offerType;
OfferSettleType offerSettleType;
}

`PreMarket.sol`

function createOffer(CreateOfferParams calldata params) external payable {
//snip
if (params.collateralRate < Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
}
//snip

Proof of Concept

// forge test --mt test_create_offer_for_100_percent_collateralRate -vvvv
function test_create_offer_for_100_percent_collateralRate() public {
vm.startPrank(user);
preMarktes.createOffer(
CreateOfferParams(
marketPlace,
address(mockUSDCToken),
1000,
0.01 * 1e18,
10_000,
300,
OfferType.Ask,
OfferSettleType.Turbo
)
);
}

PoC Output

Ran 1 test for test/PreMarkets.t.sol:PreMarketsTest
[PASS] test_create_offer_for_100_percent_collateralRate() (gas: 540691)
Traces:
[540691] PreMarketsTest::test_create_offer_for_100_percent_collateralRate()
├─ [0] VM::startPrank(0x7E5F4552091A69125d5DfCb7b8C2659029395Bdf)
│ └─ ← [Return]
├─ [525720] UpgradeableProxy::createOffer(CreateOfferParams({ marketPlace: 0xE6b1c25C9BAC2B628d6E2d231F9B53b92172fC2D, tokenAddress: 0xF62849F9A0B5Bf2913b396098F7c7019b51A820a, points: 1000, amount: 10000000000000000 [1e16], collateralRate: 10000 [1e4], eachTradeTax: 300, offerType: 0, offerSettleType: 1 }))
│ ├─ [520669] PreMarktes::createOffer(CreateOfferParams({ marketPlace: 0xE6b1c25C9BAC2B628d6E2d231F9B53b92172fC2D, tokenAddress: 0xF62849F9A0B5Bf2913b396098F7c7019b51A820a, points: 1000, amount: 10000000000000000 [1e16], collateralRate: 10000 [1e4], eachTradeTax: 300, offerType: 0, offerSettleType: 1 })) [delegatecall]

Impact

Offers with a collateral rate of exactly 100% will be created, contradicting the documented invariant and jeopardising current and future developments and integrations with the protocol.

Tools Used

Manual Review, Foundry

Recommendations

Ensure that in createOffer inside PreMarket, collateralRate is strictly greater than 10_000, by rejecting the value when it is less than or equal to the scaler:

function createOffer(CreateOfferParams calldata params) external payable {
//snip
// Reject rates at or below 100% so the check matches the NatSpec ("must be greater than 100%").
if (params.collateralRate <= Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
}
//snip
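To make the boundary concrete, the following is an added Foundry test, not code from the Tadle repository. It uses a minimal stand-in contract (the name `CollateralRateCheck` and the functions `validateOriginal`/`validateFixed` are hypothetical) whose `COLLATERAL_RATE_DECIMAL_SCALER` mirrors the 10_000 == 100% scale from the page. It goes slightly beyond the report's single PoC value by checking both sides of the boundary: the original comparison admits exactly 10_000, while the corrected `<=` comparison rejects 10_000 and 9_999 and accepts 10_001.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Minimal stand-in for the PreMarket collateral-rate check (not Tadle's contract).
/// COLLATERAL_RATE_DECIMAL_SCALER mirrors the page's 10_000 == 100% scaler.
contract CollateralRateCheck {
    uint256 public constant COLLATERAL_RATE_DECIMAL_SCALER = 10_000;

    error InvalidCollateralRate();

    /// Original (off-by-one) check: rejects only rates strictly below 100%,
    /// so exactly 100% is accepted.
    function validateOriginal(uint256 collateralRate) external pure returns (bool) {
        if (collateralRate < COLLATERAL_RATE_DECIMAL_SCALER) {
            revert InvalidCollateralRate();
        }
        return true;
    }

    /// Corrected check: the rate must be strictly greater than 100%,
    /// matching the NatSpec on CreateOfferParams.
    function validateFixed(uint256 collateralRate) external pure returns (bool) {
        if (collateralRate <= COLLATERAL_RATE_DECIMAL_SCALER) {
            revert InvalidCollateralRate();
        }
        return true;
    }
}

contract CollateralRateCheckTest is Test {
    CollateralRateCheck internal check;

    function setUp() public {
        check = new CollateralRateCheck();
    }

    /// Boundary: the original check lets exactly 100% through (the reported bug).
    function test_original_accepts_exactly_100_percent() public view {
        assertTrue(check.validateOriginal(10_000));
    }

    /// Boundary: the corrected check rejects exactly 100% ...
    function test_fixed_rejects_exactly_100_percent() public {
        vm.expectRevert(CollateralRateCheck.InvalidCollateralRate.selector);
        check.validateFixed(10_000);
    }

    /// ... and still rejects anything below it.
    function test_fixed_rejects_below_100_percent() public {
        vm.expectRevert(CollateralRateCheck.InvalidCollateralRate.selector);
        check.validateFixed(9_999);
    }

    /// 100.01% is the smallest valid rate at this decimal scale.
    function test_fixed_accepts_just_above_100_percent() public view {
        assertTrue(check.validateFixed(10_001));
    }
}
```

Run it with `forge test --match-contract CollateralRateCheckTest -vvv`. The first test documents the current behaviour; the remaining three are the regression tests one would keep after applying the `<=` fix.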

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-off-by-one-Collateral-Rate-100%

I believe this is borderline informational/low. Despite this off-by-one error of the intended check, the difference between 100% and 101% is minimal, so I believe whether or not 100% is allowed has minimal impact. Ultimately, it still comes down to the risk level that users are willing to take.
