Closed sherlock-admin closed 1 year ago
Mukund
medium
user can accidentally send more money than he is intended to do.
In function buyPosition when user is buying he can accidentally send more eth than he is intended to do ,if user send's more than user will not get any refund that user will buy same position as other users but with a higher price. https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L492
buyPosition
User will accidentally buy position with higher price and basically lose fund.
https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L492
Manual Review
put a price cap
Mukund
medium
USER CAN ACCIDENTALLY SEND MORE ETH THAN HE IS INTENDED TO DO
Summary
user can accidentally send more money than he is intended to do.
Vulnerability Detail
In function
buyPositionwhen user is buying he can accidentally send more eth than he is intended to do ,if user send's more than user will not get any refund that user will buy same position as other users but with a higher price. https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L492Impact
User will accidentally buy position with higher price and basically lose fund.
Code Snippet
https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L492
Tool used
Manual Review
Recommendation
put a price cap