raymogg
commented
3 years ago Duplicate of #45
No issue with multiple markets existing under the same ID (eg multiple ETH/USD markets) hence we did not want to implement any restrictions on this front.
Closed code423n4 closed 3 years ago
raymogg
commented
3 years ago Duplicate of #45
No issue with multiple markets existing under the same ID (eg multiple ETH/USD markets) hence we did not want to implement any restrictions on this front.
cemozerr
commented
3 years ago Marking this as invalid as it does not pose any threats to protocols or users (assuming they not build their own front-end).
Handle
shw
Vulnerability details
Impact
There is no check on whether the given
marketIdis duplicated when deploying a tracer market. Thus, two markets can result in the same market ID. Therefore, multipleTracerDeployedevents may emit the same market ID but different deployed market addresses.Proof of Concept
Referenced code: TracerPerpetualsFactory.sol#L85 TracerPerpetualSwaps.sol#L109 TracerPerpetualsFactory.sol#L111
Recommended Mitigation Steps
Consider maintaining a market ID list in
TracerPerpetualsFactoryto ensure market IDs are not duplicated.