Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

[M-3] Silent Failure on Duplicate Market addition in `LiveMarkets::addMarket`

0xprince

Summary

The addMarketfunction in the LiveMarkets library doesn't explicitly handle duplicate market IDs, instead it rely on EnumerableSet's implicit duplicate prevention.

While duplicates are prevented, the function returns a boolean rather than reverting on duplicate attempts

Vulnerability Details

Let us say market ID 2 already exists

  • Someone tries to add market 2 again

  • from EnumerableSet, it returns false but does not stop

  • The code continues running, assuming market was added.

  • There is no way this function will revert

function addMarket(Data storage self, uint128 marketId) internal returns (bool) {
//@audit-no rejection of duplicate
return self.liveMarketIds.add(uint256(marketId));
}

Impact

This could result to silent Failures where market additions could fail without explicit notification.

Tools Used

Manuel review

Recommendations

STOP The market ID if already exists

function addMarket(Data storage self, uint128 marketId) internal {
+ if (self.liveMarketIds.contains(uint256(marketId))) {
+ revert MarketAlreadyExists(marketId);
}
+ require(self.liveMarketIds.add(uint256(marketId)), "Market addition failed");
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
7 months ago
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.