The setMarketParameters function prevents users from exiting freely.
Summary
The setMarketParameters function restricts users from freely setting their own parameters. This means that the setFeeRoyalty function and the setAmountPerRound function cannot be used within the cycle. More importantly, buyers are unable to exit freely. Additionally, this disruption can cause the seller and buyer to lose the fees they have already paid.
Vulnerability Details
Changing any of the intervals (
withdrawInterval,sellInterval,buyInterval) is a disruptive action, it will automatically increase the round count of all existing buyers by 1; this is intended.
Even though the protocol is aware that this is a destructive feature, it should not prevent users from setting their own parameters or withdrawing all their funds during this period. This hinders users from exiting.
For example, if a user wants to withdraw all their funds during the withdraw phase of a round, but the protocol's modification of parameters skips this phase, the user is unable to exit and is forced to continue participating.
Impact
Users are unable to exit freely and cannot set their own parameters.
Tools Used
manual
Recommendations
A better solution would be to start the new cycle with a withdraw phase after parameters have been modified, allowing users to freely perform their operations first.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.