Incorrect/Insufficient validation of market locking timestamp #80
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Handle
0xRajeev
Vulnerability details
Impact
Three timestamps are used during market creation to indicate market opening, locking and oracle resolution times. The validation of these timestamps is performed in RCFactory during market creation.
The validation for market locking _timestamp[1] is performed only if maximumDuration is != 0 where the default value is 0 and is set only if setMaximumDuration() is called. Even in that validation, the use of block.timestamp should really be _timestamps[0] (market opening timestamp) because the market opening-locking duration should be counted from _timestamp[0] and not block.timestamp at createMarket() time. _timestamp[0] could be in the past. This check also doesn't account for advancedWarning aspect of market opening.
Impact: Incorrect/Insufficient validations of all possible market opening/locking configurations could affect user interactions with the market by breaking assumed invariants in the code.
Proof of Concept
https://github.com/code-423n4/2021-06-realitycards/blob/86a816abb058cc0ed9b6f5c4a8ad146f22b8034c/contracts/RCFactory.sol#L530-L535
https://github.com/code-423n4/2021-06-realitycards/blob/86a816abb058cc0ed9b6f5c4a8ad146f22b8034c/contracts/RCFactory.sol#L519-L528
Tools Used
Manual Analysis
Recommended Mitigation Steps
Specify all possible market opening/locking invariants and validate correctly against all variations of them.
The text was updated successfully, but these errors were encountered: