Skip to content

Latest commit

 

History

History
59 lines (36 loc) · 2.11 KB

File metadata and controls

59 lines (36 loc) · 2.11 KB

Tricky Sage Stallion

Medium

DEFAULT_PRICE is 10 times larger than intended, causing higher initial liquidity and prices

Summary

The DEFAULT_PRICE constant is incorrectly set to 0.01 ether, which is 10 times larger than the intended value of 0.001 ether. This results in the initialLiquidity for the first market configuration being set to 0.02 ether instead of the intended 0.002 ETH, leading to inflated initial market prices and liquidity. The other market configurations have the same issue.

Root Cause

The DEFAULT_PRICE is used to calculate the initialLiquidity and other market parameters.

For example, according to the comments, the intended initialLiquidity for the first market configuration is 0.002 ETH. However, due to the incorrect DEFAULT_PRICE, the actual initialLiquidity becomes: initialLiquidity = 2 * DEFAULT_PRICE = 2 * 0.01 ether = 0.02 ether:

79:>  uint256 public constant DEFAULT_PRICE = 0.01 ether;
...
219:     // Default tier
220:     // - Minimum viable liquidity for small/new markets
221:>    // - 0.002 ETH initial liquidity
222:     // - 1 vote each for trust/distrust (volatile price at low volume)
223:     marketConfigs.push(
224:       MarketConfig({
225:>        initialLiquidity: 2 * DEFAULT_PRICE,
226:         initialVotes: 1,
227:         basePrice: DEFAULT_PRICE
228:       })
229:     );
...

Internal pre-conditions

The comments, for example, "0.002 ETH initial liquidity", is intended requirement.

External pre-conditions

No response

Attack Path

No response

Impact

This misconfiguration leads to markets being initialized with larger than expected prices.

PoC

No response

Mitigation

Update the DEFAULT_PRICE to the intended value of 0.001 ether to align with the documented "0.002 ETH initial liquidity" in the market configuration.