Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Incorrect Reward Calculation in MarketCreator Contract Leads to Token Depletion And Locked User Funds

Summary

The MarketCreator.sol contract contains an issue with how rewards are distributed. While the calculateReward function's formula is correct, the contract incorrectly reduces market.totalDeposits by the amount of tokens the user had participated with. As a result, the rewards distributed exceed the specified market.reward, which depletes the reward tokens and affects other markets.

Vulnerability Details

The problem lies in the redeemFromMarket function. When a user redeems their position, the contract reduces market.totalDeposits by the amount the user participated with. This modification of totalDeposits causes the reward calculation formula to incorrectly allocate more tokens than intended.

For example:

  • Bob deposits 800 tokens, Alice deposits 100 tokens, and Charlie deposits 100 tokens; the market.reward is 2000 tokens.

  • After Bob redeems, the market.totalDeposits becomes 200 tokens, but the reward calculation formula (Bob's 800 tokens out of 1000 total) allocates 1600 tokens to Bob.

  • When Alice redeems, the market.totalDeposits is further reduced to 100 tokens, and Alice receives 1000 tokens as a reward.

  • Lastly, Charlie receives 2000 tokens, exceeding the available market.reward by 2.6x.

This leads to the depletion of the reward tokens, preventing other users from redeeming their funds, as the contract will revert due to insufficient reward tokens.

Impact

  • Reward Token Depletion: The contract distributes more tokens than it should, leading to the depletion of available reward tokens.

  • Market Disruption: Once the reward pool is depleted, further redemption attempts by users will fail, causing the contract to become unusable for subsequent markets.

  • Potential Loss of Funds: Users may be unable to redeem their deposits as the redeemFromMarket function will revert due to the insufficient balance of reward tokens.

Tools Used

Manual code review

Recommended Mitigation

  • Avoid modifying market.totalDeposits when calculating rewards. The totalDeposits should only account for the sum of user deposits, not redeemed amounts.

  • Implement a separate variable to track the total rewards claimed or a cap to ensure the contract does not exceed its designated reward amount.

  • Adjust the redeemFromMarket function so that reward calculations are based on the initial total deposits, not modified by the rewards that have already been distributed.

  • Allow the users to redeem their tokens without claiming rewards to avoid getting funds stuck in the contract.
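
The example under Vulnerability Details and the first three mitigation points, worked through as an added model (this is not the contest's contract code). It assumes the payout is deposit × market.reward ÷ totalDeposits with integer division, as the report describes; `pool`, `initialDeposits` and `rewardsClaimed` are names chosen here, and the pool balances are constructed.

```javascript
// Added model, not the contract's code: payout arithmetic as the report
// describes it, beside the recommended accounting. market.reward and
// totalDeposits come from the report; pool, initialDeposits and
// rewardsClaimed are assumed names. Amounts are BigInt, like uint256.
function newMarket(reward, deposits) {
  const total = Object.values(deposits).reduce((a, b) => a + b, 0n);
  return { reward, deposits: { ...deposits }, totalDeposits: total,
           initialDeposits: total, rewardsClaimed: 0n };
}

// Behaviour described in the report: the denominator shrinks per redemption.
function redeemShrinking(market, pool, user) {
  const amount = market.deposits[user];
  const payout = (amount * market.reward) / market.totalDeposits;
  if (payout > pool.balance) throw new Error("insufficient reward tokens");
  pool.balance -= payout;
  market.totalDeposits -= amount; // inflates every later share
  delete market.deposits[user];
  return payout;
}

// Mitigation: fixed denominator, plus a cap on what the market has paid out.
function redeemFixed(market, pool, user) {
  const amount = market.deposits[user];
  let payout = (amount * market.reward) / market.initialDeposits;
  const left = market.reward - market.rewardsClaimed;
  if (payout > left) payout = left;
  if (payout > pool.balance) throw new Error("insufficient reward tokens");
  pool.balance -= payout;
  market.rewardsClaimed += payout;
  delete market.deposits[user];
  return payout;
}

// Constructed scenario: the report's deposits, redeemed in the report's order.
function run(redeem, poolBalance) {
  const market = newMarket(2000n, { bob: 800n, alice: 100n, charlie: 100n });
  const pool = { balance: poolBalance }; // reward tokens held by the contract
  const paid = {};
  for (const user of ["bob", "alice", "charlie"]) {
    try { paid[user] = redeem(market, pool, user); }
    catch (e) { paid[user] = "revert"; }
  }
  return { paid, poolLeft: pool.balance };
}

console.log(run(redeemShrinking, 5000n)); // pool also funds other markets
console.log(run(redeemShrinking, 2000n)); // pool holds only this market's reward
console.log(run(redeemFixed, 2000n));
```

With a pool of exactly 2000 tokens, the shrinking variant pays Bob and then reverts for Alice and Charlie, while the fixed variant pays 1600, 200 and 200.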

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
