Closed code423n4 closed 3 years ago
Duplicate of #45
No issue with multiple markets existing under the same ID (eg multiple ETH/USD markets) hence we did not want to implement any restrictions on this front.
Marking this as invalid as it does not pose any threats to protocols or users (assuming they not build their own front-end).
Handle
shw
Vulnerability details
Impact
There is no check on whether the given
marketId
is duplicated when deploying a tracer market. Thus, two markets can result in the same market ID. Therefore, multipleTracerDeployed
events may emit the same market ID but different deployed market addresses.Proof of Concept
Referenced code: TracerPerpetualsFactory.sol#L85 TracerPerpetualSwaps.sol#L109 TracerPerpetualsFactory.sol#L111
Recommended Mitigation Steps
Consider maintaining a market ID list in
TracerPerpetualsFactory
to ensure market IDs are not duplicated.