code-423n4 / 2022-06-putty-findings


PUT short option is always in loss #380

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L466

Vulnerability details

Impact

For a long PUT condition, the party which is doing short will always be at a loss.

Proof of Concept

  1. Alice creates and signs a long put option order off-chain for 2 Bored Ape floors with a duration of 30 days, a strike of 124 WETH and a premium of 0.8 WETH

  2. Bob takes Alice's order and fills it by submitting it to the Putty smart contract using fillOrder()

  3. He sends 124 ETH to cover the strike which is converted to WETH. 0.8 WETH is transferred from Alice's wallet to Bob's wallet.

  4. A long NFT is sent to Alice and a short NFT is sent to Bob which represents their position in the trade

Now 2 cases:

Case 1:

  a. 17 days pass and the floor price for Bored Apes has dropped to 54 ETH - (2 * 54 = 108 ETH. 124 - 108 = 16 ETH profit for Alice.)

  b. Alice exercises her option and Bob withdraws to get the Bored Apes with a loss of 16 ETH

Case 2:

  a. 17 days pass and the floor price for Bored Apes has increased to 90 ETH - (2 * 90 = 180 ETH. 124 - 180 = -56 ETH loss for Alice.)

  b. Of course Alice chooses to lose the 0.8 ETH premium and does nothing

  c. Since Alice does not exercise, Bob needs to wait for order expiration and then withdraws the strike amount with 3% fees. This means Bob gets 124 - (1.24 * 3) = 121 ETH, which means Bob is at a loss of 3 ETH

Recommended Mitigation Steps

Implement some fees for the long position as well once the order is filled. The fees should be reimbursed once the order is exercised.

GalloDaSballo commented 2 years ago

It seems like the fees mechanism may cause negative incentives; that said, I'd assume the premium would have been "realPremium + potentialFee".

However the example provided does make sense

ghost commented 2 years ago

Can the sponsors confirm when fees should be taken from the strike?

outdoteth commented 2 years ago

Fees should only be taken on exercise so peripherally this issue is correct because it highlights that.

However, the severity of this is not high because fees are an expected part of the platform - any trading platform with fees has -EV for all traders. Traders having to pay fees is expected behaviour.

berndartmueller commented 2 years ago

> ... Traders having to pay fees is expected behaviour.

That's true. But paying fees on the returned strike, due to a not exercised put option, does not make sense. In this case, fees should be paid on the earned premium.

outdoteth commented 2 years ago

Ok sure, tbh I am not very sure on ranking the severity of this issue. Just that most issues which reported the “taking fees on expiry” were tagged as Med.

outdoteth commented 2 years ago

Duplicate: Fees are only applied on puts if they are expired: https://github.com/code-423n4/2022-06-putty-findings/issues/269
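The fee policies debated in this thread, compared on the report's own numbers, as an added example that is not part of the original issue or of the Putty code base. The policy names and function names are hypothetical, the short is assumed to bear no fee when the put is exercised, and P&L is shown net of the premium with the exact 3% fee rather than the rounded figures in the report.

```python
from decimal import Decimal as D

FEE_RATE = D("0.03")  # 3% fee, as stated in the report

def long_exercises(strike, floor, n_assets):
    """A rational long put holder exercises only if the assets are worth less than the strike."""
    return n_assets * floor < strike

def short_fee(policy, strike, premium, exercised):
    """Fee borne by the short side (Bob) under each policy discussed in the thread."""
    if exercised:
        return D(0)  # assumption: none of the policies charges the short on exercise
    if policy == "strike_on_expiry":   # behaviour the report describes
        return strike * FEE_RATE
    if policy == "premium_on_expiry":  # fee on the earned premium instead of the strike
        return premium * FEE_RATE
    if policy == "exercise_only":      # fees taken only on exercise
        return D(0)
    raise ValueError(f"unknown policy: {policy}")

def short_pnl(policy, strike, premium, floor, n_assets):
    """Bob's profit or loss in the base asset, net of premium received and fee paid."""
    exercised = long_exercises(strike, floor, n_assets)
    fee = short_fee(policy, strike, premium, exercised)
    if exercised:
        # Bob keeps the premium, gives up the strike, and receives the assets.
        return premium + n_assets * floor - strike - fee
    # Option expires unexercised: Bob gets the strike back, minus any fee.
    return premium - fee

def breakeven_premium(strike):
    """Smallest premium that covers a fee charged on the returned strike."""
    return strike * FEE_RATE

if __name__ == "__main__":
    strike, premium, n = D("124"), D("0.8"), D(2)  # values from the report
    for floor in (D("54"), D("90")):                # Case 1 and Case 2
        for policy in ("strike_on_expiry", "premium_on_expiry", "exercise_only"):
            pnl = short_pnl(policy, strike, premium, floor, n)
            print(f"floor={floor} policy={policy:18} short P&L={pnl}")
    print("premium needed to cover a strike-based fee:", breakeven_premium(strike))
```

With a fee on the returned strike, the short only breaks even on an unexercised put when the premium is at least 3% of the strike, which is the "realPremium + potentialFee" pricing mentioned in the discussion.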