In the current implementation, questionTimeout is set in the constructor of the MarketFactory but it’s not validated somehow resulting in a future potential reverts when creating a market.
Attack Scenario\
questionTimeout is set in the constructor of the MarketFactory:
MarketFactory.sol::L133
questionTimeout = _questionTimeout;
However, if set incorrectly, it will not be possible to create any markets in the future as this timeout is later validated in the Reality contract:
RealityETH-3.0.sol::340-341
require(timeout > 0, "timeout must be positive");
require(timeout < 365 days, "timeout must be less than 365 days");
This will result in a situation where no markets can be created due to insufficient validation of the function parameters.
Recommendation
Introduce a similar check as in the Reality contract in the MarketFactory constructor.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x57796cb5bc251f4258e3d981eda97c011cac4b00b182fec383ce6ed3b7c2f8a1 Severity: low
Description: Description\
In the current implementation,
questionTimeoutis set in the constructor of theMarketFactorybut it’s not validated somehow resulting in a future potential reverts when creating a market.Attack Scenario\
questionTimeoutis set in the constructor of theMarketFactory:MarketFactory.sol::L133
However, if set incorrectly, it will not be possible to create any markets in the future as this timeout is later validated in the
Realitycontract:RealityETH-3.0.sol::340-341
This will result in a situation where no markets can be created due to insufficient validation of the function parameters.
Recommendation
Introduce a similar check as in the Reality contract in the
MarketFactoryconstructor.