Incorrect Round Offset in `UserAgent::getRoundPhase()` Calculation
Summary
The UserAgent::getRoundPhase() function adds an extra offset round when calculating the round value, which can lead to an inaccurate round count. It results in an unintended round increment that may prevent orders from being correctly matched and purchased.
Vulnerability Details
The round calculation in UserAgent::getRoundPhase() is designed to accumulate rounds from each intermediate phase, including an additional offset round:
The round calculated by the _computePhase() with formula:
If elapsedTime % cycleTime equals zero, this indicates that a cycle has just ended and a new cycle is beginning. In such cases, the calculated round already matches the actual number of elapsed cycles. Adding an extra offset round results in a count that exceeds the actual number of cycles.
Example scenario:
An order is listed at round 10.
setMarketParameters()is called, settingmarketParameters.timestampto the exact end of the current cycle.UserAgent::getRoundPhase()calculates the round as 11, instead of 10.This unexpected round increment causes the order to be skipped in
UserAgent::purchase(), which now attempts to purchase orders at round 11, leaving round 10 orders unprocessed.
Impact
The incorrect round calculation can lead to missed purchases, as orders listed in the actual round are skipped.
Tools Used
vscode
Recommendations
Remove the additional offset rounds when elapsedTime % cycleTime is zero.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.