TITLE: Non-Payable createMarket Functions Can Cause Market Creation Failure
Severity: Medium
Description:
The MarketFactory.sol contract is responsible for creating new markets on the Seer prediction market platform. It contains functions such as createCategoricalMarket, createMultiCategoricalMarket, createScalarMarket, and createMultiScalarMarket, each of which facilitates the creation of a different type of market.
These functions internally call the createMarket() function, which subsequently invokes the createNewMarketParams() function. This function calls askRealityQuestion() for each encoded question to retrieve the question ID, and askRealityQuestion() calls askQuestionWithMinBond() on the Realitio contract. Ultimately, this process reaches the _askQuestion() function.
Within _askQuestion(), the fees required by the arbitrator are determined using the arbitrator_question_fees variable. Currently, the arbitrator set by the team in the test environment has zero fees:
However, if the arbitrator decides to impose a fee, it will become mandatory to pay this fee when creating a market. The problem arises because all the createMarket functions (createCategoricalMarket, createMultiCategoricalMarket, createScalarMarket, and createMultiScalarMarket) are not marked as payable, meaning they cannot send Ether with the transaction to cover the arbitrator fee.
Impact:
Denial of Service (DoS): The inability to send fees with the transaction could lead to a denial of service where no one can create new markets if the arbitrator imposes a fee.
Restricted Functionality: Admins would be unable to set fees for the arbitrator, limiting their ability to adapt to changing fee requirements.
Recommendation:
To ensure that market creation functions can accommodate arbitrator fees, all createMarket functions should be made payable. This will allow Ether to be sent along with the transaction to cover the necessary fees.
-- function createCategoricalMarket(CreateMarketParams calldata params) external returns (address)
++ function createCategoricalMarket(CreateMarketParams calldata params) external payable returns (address)
-- function createMultiCategoricalMarket(CreateMarketParams calldata params) external returns (address)
++ function createMultiCategoricalMarket(CreateMarketParams calldata params) external payable returns (address)
-- function createScalarMarket(CreateMarketParams calldata params) external returns (address)
++ function createScalarMarket(CreateMarketParams calldata params) external payable returns (address)
-- function createMultiScalarMarket(CreateMarketParams calldata params) external returns (address)
++ function createMultiScalarMarket(CreateMarketParams calldata params) external payable returns (address)
Github username: -- Twitter username: atharv_181 Submission hash (on-chain): 0xbc167ac64e1203ba5d2e0f02f21215630f06de9088035bcba0d40abcbd139528 Severity: medium
Description:
TITLE: Non-Payable createMarket Functions Can Cause Market Creation Failure
Severity: Medium
Description:
The
MarketFactory.solcontract is responsible for creating new markets on the Seer prediction market platform. It contains functions such ascreateCategoricalMarket,createMultiCategoricalMarket,createScalarMarket, andcreateMultiScalarMarket, each of which facilitates the creation of a different type of market.These functions internally call the
createMarket()function, which subsequently invokes thecreateNewMarketParams()function. This function callsaskRealityQuestion()for each encoded question to retrieve the question ID, andaskRealityQuestion()callsaskQuestionWithMinBond()on the Realitio contract. Ultimately, this process reaches the_askQuestion()function.Within
_askQuestion(), the fees required by the arbitrator are determined using thearbitrator_question_feesvariable. Currently, the arbitrator set by the team in the test environment has zero fees:However, if the arbitrator decides to impose a fee, it will become mandatory to pay this fee when creating a market. The problem arises because all the createMarket functions (createCategoricalMarket, createMultiCategoricalMarket, createScalarMarket, and createMultiScalarMarket) are not marked as payable, meaning they cannot send Ether with the transaction to cover the arbitrator fee.
Impact:
Denial of Service (DoS): The inability to send fees with the transaction could lead to a denial of service where no one can create new markets if the arbitrator imposes a fee.
Restricted Functionality: Admins would be unable to set fees for the arbitrator, limiting their ability to adapt to changing fee requirements.
Recommendation:
To ensure that market creation functions can accommodate arbitrator fees, all createMarket functions should be made payable. This will allow Ether to be sent along with the transaction to cover the necessary fees.