The vulnerability allows a user to exploit the _redeemPositionToken function by repeatedly removing and adding liquidity to manipulate their position, ultimately gaining more rewards in a long position at the expense of others. By repeatedly selling the losing position (e.g., the short position), the attacker can accumulate more of the winning position (long), leading to an unfair advantage when the market expires.
The issue arises from the logic in _redeemPositionToken(), which removes positionToken from whichever position the caller chooses.
Here’s how the exploit works:
1. The attacker calls _redeemPositionToken() to remove their short position (since it's smaller than the long position).
2. The attacker then calls addLiquidity() to add liquidity back into the pool, which will split the liquidity between both the long and short positions.
3. The attacker can repeat this process multiple times, consistently removing the short position and adding liquidity back, effectively increasing their long position and reducing their short position.
4. By the time the market expires, the attacker will have a significantly larger long position (with no short position), resulting in them winning more rewards when the long position wins.
This cycle can be repeated as often as the attacker wants, giving them an unfair advantage over other users.
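A monitoring check for the cycle described above, added here as an example and not part of the original report or the protocol's code: it scans a call trace for accounts that repeatedly redeem the same side and then re-add liquidity. The trace format, the addresses, and the three-cycle threshold are assumptions; only the two function names come from the report.

```python
from collections import defaultdict

# Constructed sample call trace (not real chain data).
# Each entry: (block, caller, function, side); side is set only for redemptions.
CALLS = [
    (100, "0xA11CE", "addLiquidity", None),
    (101, "0xA11CE", "_redeemPositionToken", "short"),
    (102, "0xA11CE", "addLiquidity", None),
    (103, "0xB0B", "addLiquidity", None),
    (104, "0xA11CE", "_redeemPositionToken", "short"),
    (105, "0xA11CE", "addLiquidity", None),
    (106, "0xA11CE", "_redeemPositionToken", "short"),
    (107, "0xA11CE", "addLiquidity", None),
    (108, "0xB0B", "_redeemPositionToken", "long"),
    (109, "0xC0DE", "_redeemPositionToken", "short"),
    (110, "0xC0DE", "_redeemPositionToken", "long"),
    (111, "0xC0DE", "addLiquidity", None),
]


def find_one_sided_cyclers(calls, min_cycles=3):
    """Return {caller: (side, cycles)} for callers who repeatedly redeem
    one side and then re-add liquidity, never cycling the other side."""
    pending = {}  # caller -> side of the latest redemption awaiting a re-add
    cycles = defaultdict(lambda: defaultdict(int))  # caller -> side -> count

    for _block, caller, func, side in sorted(calls, key=lambda c: c[0]):
        if func == "_redeemPositionToken":
            pending[caller] = side
        elif func == "addLiquidity" and caller in pending:
            # A redemption followed by a re-add completes one cycle.
            cycles[caller][pending.pop(caller)] += 1

    flagged = {}
    for caller, per_side in cycles.items():
        if len(per_side) != 1:
            continue  # cycled both sides: not the one-sided skew pattern
        (side, count), = per_side.items()
        if count >= min_cycles:
            flagged[caller] = (side, count)
    return flagged


if __name__ == "__main__":
    for caller, (side, count) in find_one_sided_cyclers(CALLS).items():
        print(f"{caller}: {count} redeem->add cycles, always redeeming {side}")
```
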
Medium
Manual Review