[M-2]Reliance on Unstable Enumeration Order in LiveMarkets::getLiveMarketsIds
Summary
LiveMarket:: getMarketAtIndex is using EnumerableSet from openzeppelin for the iteration order of elements which can change unpredictably when elements are added or removed, leading to incorrect index-based logic when trying to retrieve all .
Vulnerability Details
The getLiveMarketsIdsfunction returns an array of live marketIDs by iterating through an EnumerableSet using index-based access (at(i)). While functionally correct, this pattern creates a hidden risk for systems that consume the returned array, as EnumerableSet does not guarantee stable iteration order. The order of IDs can change unpredictably when markets are added/removed, violating assumptions in dependent logic.
}
Impact
Incorrect operation of corr logic relying on market order or UI display inconsistently.
Tools Used
Manual review
Recommendations
getLiveMarketsIds function does create a hidden risk if the consuming logic assumes a stable enumeration order. Developers should either:
Indicate that the order of market IDs is non-deterministic and should not be relied upon.
If order is important, consider maintaining a separate ordered list or using a data structure that guarantees order consistency.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.