search

hats-finance / SeeR-PM-0x899bc13919880db76edf4ccd72bdfa5dfa666fb7

1 stars 0 forks source link

Inconsistent Market Name Formatting in Multi Scalar Market Creation #5

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: -- Twitter username: -- Submission hash (on-chain): 0xa12d42f476f20830a264cbc23a927d34e2ef13fd1e0364ee588147dbb15ca3be Severity: low

Description: Description

The createMultiScalarMarket function creates a market name using a format that is inconsistent with the documentation provided. The documentation indicates that the market name should be constructed by concatenating the questionStart, outcomeType, and questionEnd parameters. However, the actual implementation includes square brackets around the outcomeType, resulting in a different format than described.

Attachments

  1. Proof of Concept (PoC)
*/// @param marketName Used only in categorical, multi categorical, and scalar markets. In multi scalar markets, the market name is formed using questionStart + outcomeType + questionEnd.*

function createMultiScalarMarket(CreateMarketParams calldata params) external returns (address) {
        require(params.outcomes.length >= 2, "Outcomes count must be 2 or more");

        string[] memory encodedQuestions = new string[](params.outcomes.length);

        for (uint256 i = 0; i < params.outcomes.length; i++) {
            encodedQuestions[i] = encodeRealityQuestionWithoutOutcomes(
                string(abi.encodePacked(params.questionStart, params.outcomes[i], params.questionEnd)),
                params.category,
                params.lang
            );
        }

        return createMarket(
            params,
@>          string(abi.encodePacked(params.questionStart, "[", params.outcomeType, "]", params.questionEnd)),
            InternalMarketConfig({
                encodedQuestions: encodedQuestions,
                outcomeSlotCount: params.outcomes.length + 1, // additional outcome for Invalid Result.
                templateId: REALITY_UINT_TEMPLATE
            })
        );
    }
  1. Revised Code\ Ensure that the documentation accurately reflects the intended format used in the implementation. Alternatively, if the documented format is preferred, the implementation should be adjusted to remove the square brackets around the outcomeType. This ensures consistency between the documentation and the actual behavior of the function.
clesaege commented 1 month ago

The sentence

the market name is formed using questionStart + outcomeType + questionEnd.

is correct. It doesn't mean only those elements are used. The brackets are also "used" but because they are always the same, it didn't look necessary to specify that on the comments.

As per contest rules are excluded: Issues about code/project quality which do not lead to exploitable vulnerabilities.