The following function is used to deploy the ERC20 positions and its called in createNewMarketParams() function. To calculate, _data, it takes tokenNames which is passed as argument as string and token decimal which is 18 decimal for ERC20 tokens.
Impact\
Incorrect data encoding in deployERC20 positions would lead to incorrect data stored in ConditionalTokensParams struct. This data would return incorrectly across contracts where it will be called/referred.
Recommendations\
Consider removing the additional code to perform correct _data encoding combining only tokenName and decimals.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x904a93417822e9e5ddf3bbf96590835aaf32db4edc016e6fea4a3dde6c2a3590 Severity: low
Description: Description\
The following function is used to deploy the ERC20 positions and its called in
createNewMarketParams()
function. To calculate,_data
, it takestokenNames
which is passed as argument asstring
and tokendecimal
which is18 decimal
for ERC20 tokens.The issue is that, while encoding the
_data
, it incorrecty encoded thetokenNames
twice which would produce incorrect data.This
data
will be stored increateNewMarketParams()
function where its stored as argument for structMarket.ConditionalTokensParams
.Impact\ Incorrect data encoding in deployERC20 positions would lead to incorrect data stored in
ConditionalTokensParams
struct. Thisdata
would return incorrectly across contracts where it will be called/referred.Recommendations\ Consider removing the additional code to perform correct
_data
encoding combining only tokenName and decimals.