Incorrect Input Parameters of `Math.Rounding.Ceil` and `Math.Rounding.Floor` in the contracts of OfferLibraries.sol, DeliveryPlace.sol and PreMarkets.sol
Summary
The getRefundAmount function in the OfferLibraries.sol contract uses Math.Rounding.Ceil and Math.Rounding.Floor as input parameters for the Math.MulDiv function, but these values do not exist in the Math library. This issue causes the getRefundAmount function to fail to execute correctly. To fix this issue, it is recommended to replace Math.Rounding.Ceil with Math.Rounding.Up and Math.Rounding.Floor with Math.Rounding.Down in the getRefundAmount function.
Additionally, the closeBidTaker and settleAskTaker functions in the DeliveryPlace.sol contract, as well as the createOffer, createTaker, listOffer, abortAskOffer, abortBidTaker, _depositTokenWhenCreateTaker, and _updateReferralBonus functions in the PreMarkets.sol contract also incorrectly use Math.Rounding.Ceil and Math.Rounding.Floor.
Vulnerability Details
The getRefundAmount function in the OfferLibraries.sol contract uses Math.Rounding.Ceil and Math.Rounding.Floor as input parameters for the Math.MulDiv function. However, these values do not exist in the Math library. As a result, the getRefundAmount function fails to execute correctly.
src/libraries/OfferLibraries.sol:getRefundAmount_L63-L88
Additionally, the closeBidTaker and settleAskTaker functions in the DeliveryPlace.sol contract, as well as the createOffer, createTaker, listOffer, abortAskOffer, abortBidTaker, _depositTokenWhenCreateTaker, and _updateReferralBonus functions in the PreMarkets.sol contract also incorrectly use Math.Rounding.Ceil and Math.Rounding.Floor.
DeliveryPlace.sol:
src/libraries/OfferLibraries.sol:closeBidTaker_L96
src/libraries/OfferLibraries.sol:settleAskTaker_L335
PreMarkets.sol:
src/libraries/OfferLibraries.sol:createOffer_L39
src/libraries/OfferLibraries.sol:createTaker_L164
src/libraries/OfferLibraries.sol:listOffer_L295
src/libraries/OfferLibraries.sol:abortAskOffer_L536
src/libraries/OfferLibraries.sol:abortBidTaker_L645
src/libraries/OfferLibraries.sol:_depositTokenWhenCreateTaker_L813
src/libraries/OfferLibraries.sol:_updateReferralBonusr_L839
Impact
The incorrect input parameters for the Math.MulDiv function prevent theses functions from performing its intended functionality.
Tools Used
Manual Review
Recommendations
To fix this issue, replace Math.Rounding.Ceil with Math.Rounding.Up and Math.Rounding.Floor with Math.Rounding.Down in all above functions as shown below .
Lead Judging Commences
finding-PreMarkets-Rounding-Direction
Duplicate of #456, however, for issues noting rounding directions, will be low severity given the impact is not proven sufficiently with a PoC/numerical example and most rounding will not result in significant losses e.g. most examples only proved at most a 1 wei difference when computing `depositAmount/platFormFees` and involves lower amount offers
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.