Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Valid

Incorrect Validation of `collateralRate` Allows for undercollateralization

Summary

The createOffer() function in the PreMarkets contract requires that collateralRate be more than 100% as specified in this comment.
However, the current implementation does not enforce this requirement correctly.

Vulnerability Details

Current Check:

if (params.collateralRate < Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
    revert InvalidCollateralRate();
}

Issue:
The check only reverts if params.collateralRate is less than 10000. This allows params.collateralRate to be exactly 10000, which is 100%.

Impact

Financial Risk:
Allowing collateralRate to be 100% can lead to insufficient collateralization, increasing the risk of default and financial loss.

Tools Used

Manual Review

Recommendations

Update the check to ensure params.collateralRate is strictly more than 10000.

- if (params.collateralRate < Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
+ if (params.collateralRate <= Constants.COLLATERAL_RATE_DECIMAL_SCALER) {
revert InvalidCollateralRate();
}
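
Review bot: The `<=` comparison on the `+` line moves the boundary so that a rate equal to Constants.COLLATERAL_RATE_DECIMAL_SCALER now reverts, but nothing in the hunk pins that boundary down. Add a test that createOffer() reverts with InvalidCollateralRate when params.collateralRate is exactly 10000 and passes this check for the next value above it, and put a one-line comment above the check stating that the rate must be strictly greater than the scaler, so the comment and the code cannot drift apart again.
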
Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-off-by-one-Collateral-Rate-100%

I believe this is borderline informational/low. Despite this off-by-one error of the intended check, the difference between 100% and 101% is minimal, so I believe whether or not 100% is allowed has minimal impact. Ultimately, it still comes down to the risk level that users are willing to take.
