Reward Griefing Due to Market Participation Timing
Summary
The participateInMarket function in MarketCreator.sol allows users to increase market.totalDeposits before another user redeems their rewards. Since the reward calculation formula divides the allocated rewards by market.totalDeposits, a last block participation can reduce the expected rewards of other users. This allows an attacker to grief reward redemptions, diminishing the fairness of the system.
Vulnerability Details
The vulnerability exists in the reward calculation mechanism:
Since market.totalDeposits is updated when a new user participates, any increase in deposits right before a redemption will reduce the proportional share of rewards.
For example:
market.totalDeposits = 1000andmarket.reward = 500. A user holding100tokens expects a reward of(100 * 500) / 1000 = 50.If an attacker deposits
1000right before redemption,market.totalDepositsbecomes2000, and the reward calculation changes to(100 * 500) / 2000 = 25.The legitimate user’s reward is cut in half due to this late participation.
Impact
This vulnerability allows a malicious actor to grief other users by reducing their expected rewards.
Tools Used
Manual code review
Recommended Mitigation
To mitigate this issue introduce a snapshot based reward calculation. Maintain a snapshot of market.totalDeposits at the time of each user's participation to ensure fair distribution.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.