Tadle

Summary

When the token generation event occurs, the marketplace owner must specify the tokenPerPoint as a conversion rate for the usedPoints when settling matched orders on the order book.

However, the tokenPerPoint assumes seller liquidity that cannot be guaranteed.

Vulnerability Details

Settled orders points are redeemed at a rate of tokenPerPoint:

The value marketPlaceInfo.tokenPerPoint is defined by the marketplace owner during a call to updateMarket. In tests, tokenPerPoint is usually selected to be 0.01 * 1e18.

Since the number of points on each order is variable between listings, and can be decided by the listing owner before the marketPlaceInfo.tokenPerPoint is known, it is possible for traders to agree to trades which cannot be fulfilled since the settledPointTokenAmount required when settling orders may be in excess of the trader's anticipated balance.

For example, imagine a trader who intends to inherit 1 ether of point tokens in the token generation event creates an offer denominated in 1 ether of points. A subsequent market-defined tokenPerPoint of 200 would require 200x more capital than the seller has access to.

By contrast, if we consider the scenario where the seller anticipated this as a possible outcome, they may only be incentivised to trade 0.005 ether of listing points, which will be economically inefficient if the tokenPerPoint eventually is configured to be something like 10. The trader's capital would have been underutilised due to uncertainty, resulting in opportunity cost during the pre-generation sales period.

This results in a highly uncertain trading environment which discourages seller liquidity and conspires against the fulfillment of pre-market matched orders.

Impact

Inability to fulfill successfully matched order obligations due to undercollateralization of point sellers through no fault of their own.

It should be emphasized that points between different listings are not fungible (listings differ in underlying token, precision and point resolution), therefore defining a common tokenPerPoint between will result in highly inefficient markets, since each listing can yield radically different exchange rates.

Tools Used

Manual Review

Recommendations

Points on matched orders should be redeemable one-to-one for point tokens.

In this approach, centralized decision making from the marketplace owner cannot inadvertently lead to insolvency for successfully matched orders; in fact, there is no need to even a need to define a tokenPerPoint, since market participants would intrinsically agree to this rate up-front, increasing the transparency of trades.

Therefore, tokenPerPoint should effectively only ever be 1, and should not be configurable.

Alternatively, allow trades to only take place once tokenPerPoint has been defined, and ensure calls to updateMarket enforce tge which is explicitly in the future.