A vulnerability in the request creation process allows users to lose their oracle fees if the owner updates the market parameters between the time of request creation (oraclePurchaseRequest or oracleStateRequest) and the invocation of purchase() or updateState(). When a user submits a request and pays the oracle fee, the request is recorded in the current market round. If the owner subsequently updates the market parameters, the system advances to a new round, leaving the user's request in the previous round, which renders it unprocessable and effectively wastes the user's oracle fee. The same issue arises when someone lists their asset and, before the sell phase is finished, the market parameters are updated, so that a new sell phase begins in another round.
This issue arises in the request flow where users pay the oracle fee upon creating a request, specifically in the following functions:
createRequest(): Initiates the request and locks in the oracle fee based on the current round.
purchase(): Finalizes the request but can only proceed if the request remains within the current round.
Users can lose their oracle fees without receiving any service if a market parameter update occurs between createRequest() and the subsequent call to purchase() or updateState(). Listers will lose their paid royalties.
Manual Review
If a request is invalidated due to a market parameters update, provide an option to refund the oracle fee to the user.
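One way the recommended refund could look, as an added sketch that is not the audited project's code. The contract, its storage layout, and the names fulfill(), refundStaleRequest() and updateMarketParameters() are hypothetical, and it assumes the contract still holds the fee until the request is processed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal market (not the audited contract): models only the
/// round counter, the fee paid per request, and a refund for stale requests.
contract RoundScopedRequests {
    struct Request {
        address requester;
        uint256 round;   // round in which the fee was paid
        uint256 feePaid; // amount held by this contract for the request
        bool settled;    // true once processed or refunded
    }

    address public immutable owner;
    uint256 public currentRound;
    uint256 public oracleFee;
    Request[] public requests;

    constructor(uint256 fee) { owner = msg.sender; oracleFee = fee; }

    function createRequest() external payable returns (uint256 id) {
        require(msg.value == oracleFee, "wrong fee");
        id = requests.length;
        requests.push(Request(msg.sender, currentRound, msg.value, false));
    }

    // Updating parameters advances the round, which strands open requests.
    function updateMarketParameters(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        oracleFee = newFee;
        currentRound += 1;
    }

    // Stands in for purchase()/updateState(): only current-round requests proceed.
    function fulfill(uint256 id) external {
        Request storage r = requests[id];
        require(!r.settled && r.round == currentRound, "settled or stale");
        r.settled = true; // fee is treated as consumed by the oracle here
    }

    // Mitigation: the requester reclaims the fee of a request that was left
    // behind in an earlier round and can no longer be processed.
    function refundStaleRequest(uint256 id) external {
        Request storage r = requests[id];
        require(r.requester == msg.sender, "not requester");
        require(!r.settled && r.round < currentRound, "not refundable");
        r.settled = true; // state change before the transfer (reentrancy)
        (bool ok, ) = msg.sender.call{value: r.feePaid}("");
        require(ok, "refund failed");
    }
}
```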