In the MarketCreator contract, rewards are distributed based on the current totalDeposits, which leads to the last redeemer getting bigger rewards than the others. If the reward given to the last redeemer is bigger than the current balance of the raacToken, it will revert, causing a DoS on the redeem function.
The rewards are calculated like this:
Here, market.reward is the total reward pool, and market.totalDeposits is the aggregate deposited tokens, which is reduced as redemptions occur.
As users redeem, the total deposits (market.totalDeposits) decrease. For example:
If all users redeem simultaneously, each depositor receives a proportional reward.
However, if early redeemers withdraw first, the remaining deposit pool shrinks. A later redeemer might then have:
When a user is the last to redeem:
This means the final redeemer is calculated to receive the entire reward pool.
If the contract does not possess sufficient raacToken balance to cover the inflated reward (especially after previous payouts), the transfer will revert. This reversion causes the redemption function to fail, effectively denying service to users attempting to redeem their rewards.
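The accounting described above, as a small Python model added here (not the contract's code). It assumes reward = deposit * market.reward / market.totalDeposits with integer division, that market.reward stays constant, and that the contract holds exactly the reward pool in raacToken; the function name and the sample deposits are constructed for illustration.

```python
def simulate_redemptions(deposits, reward_pool, shrinking_denominator=True):
    """Model sequential redemptions and return [(computed_reward, paid), ...].

    Assumed formula (inferred from the description, not copied from the contract):
        reward = deposit * reward_pool // total_deposits
    shrinking_denominator=True  -> total_deposits drops after each redemption,
                                   as the finding describes.
    shrinking_denominator=False -> denominator stays at its initial value, which
                                   is the proportional outcome of everyone
                                   redeeming against the same total.
    """
    total_deposits = sum(deposits)   # stands in for market.totalDeposits
    balance = reward_pool            # raacToken held by the contract (assumed)
    results = []
    for deposit in deposits:
        reward = deposit * reward_pool // total_deposits
        if reward > balance:
            # The token transfer would revert; the whole redeem call fails
            # and no state is updated for this user.
            results.append((reward, False))
            continue
        balance -= reward
        if shrinking_denominator:
            total_deposits -= deposit
        results.append((reward, True))
    return results


if __name__ == "__main__":
    deposits = [100, 100, 100]   # constructed sample: three equal depositors
    pool = 300                   # constructed sample reward pool
    for label, shrinking in (("shrinking", True), ("fixed", False)):
        print(label, simulate_redemptions(deposits, pool, shrinking))
```

With the shrinking denominator the second redeemer is already overpaid, and the last redeemer's computed reward equals the whole pool while the contract holds only what is left, so the call fails.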
Denial of Service:
Late redeemers may be unable to redeem their rewards if the contract’s token balance is insufficient, resulting in locked funds and a denial-of-service condition.
Make sure there are enough funds to distribute to users. I would recommend the protocol add excess funds so that the contract doesn't run out of funds.