You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: Description
the Market.sol is designed to manage prediction markets and here the initialize function is used to initialize the market with provided parameters but here the function does not check length of arrays i.e wrapped1155[] and data[].the issue arises here is if the length of both the arrays are not equal then as the function cannot be called again to change the array.owner cannot change the arrays too.
function initialize(
stringmemory_marketName,
string[] memory_outcomes,
uint256_lowerBound,
uint256_upperBound,
ConditionalTokensParams memory_conditionalTokensParams,
RealityParams memory_realityParams,
RealityProxy _realityProxy
) external {//@check-does not check the length is samerequire(!initialized, "Already initialized.");
marketName = _marketName;
outcomes = _outcomes;
lowerBound = _lowerBound;
upperBound = _upperBound;
conditionalTokensParams = _conditionalTokensParams;//@audit-does not check for same length
realityParams = _realityParams;
realityProxy = _realityProxy;
initialized =true;
}
this issues directly affects other function like
function wrappedOutcome(uint256index) externalviewreturns (IERC20wrapped1155, bytesmemorydata) {
return (conditionalTokensParams.wrapped1155[index], conditionalTokensParams.data[index]);
}
Attack Scenario
Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
it is recommended to check the initialization parameters perfectly as the function can only be called once
The text was updated successfully, but these errors were encountered:
For all markets created by MarketFactory, the conditionalTokensParams.wrapped1155 and conditionalTokensParams.data variables has the same length from L420-L421.
Security != Safety. Frontend should not allow creating markets with mismatched array lengths.
Out of Scope
Issues where the user is harming itself by interacting improperly with the contracts. It's possible for the users to call functions with improper parameters, incompatible tokens, etc but we assume that functions are called properly similarly to how they are called in the frontend. It's the job of smart contracts to protect against malicious behaviours, but it's the job of the frontend to protect against stupid ones!
Github username: --
Twitter username: --
Submission hash (on-chain): 0x7a7d773b03b9201dd5513e49aa5ccd9cf6e74db85bb4f5938b73eeaf92a574cf
Severity: low
Description:
Description
the
Market.sol
is designed to manage prediction markets and here theinitialize
function is used to initialize the market with provided parameters but here the function does not check length of arrays i.ewrapped1155[]
anddata[]
.the issue arises here is if the length of both the arrays are not equal then as the function cannot be called again to change the array.owner cannot change the arrays too.this issues directly affects other function like
Attack Scenario
Describe how the vulnerability can be exploited.
Attachments
it is recommended to check the initialization parameters perfectly as the function can only be called once
The text was updated successfully, but these errors were encountered: