WooSungD
commented
1 year ago As such, repetitive invocation of the
_deprecateMarket()function will inflate theepochInfo.latestExecutedEpochIndexby 2 as shownepochInfo.latestExecutedEpochIndex+= 2; which will affect the users' withdrawn amounts when they exit the deprecated market.
It is true that epochInfo.latestExecutedEpochIndex will be incremented by 2 every time _deprecateMarket() is called.
However, this has NO impact on the amounts that users can withdraw, because the pool token price remains the same.
When _deprecateMarket() is called, _rebalancePoolsAndExecuteBatchedActions() is called with 0 price change and emptyValueChangeAndFunding.
https://github.com/sherlock-audit/2022-11-float-capital/blob/090c1096aacc0e7dc31bc1d00a82357f9c76fbd4/contracts/market/template/MarketCore.sol#L609
Therefore the liquidities do not shift between pools when it is called, thus not resulting in shift in pool values when _deprecateMarket()is called multiple times, thus not resulting in any change in pool token price.
Even if some users have redeemed their tokens from a deprecated market, the reduction in pool value will have been done at the pool token price at deprecation, which would not affect pool token price for subsequent redeems (ratio of pool value to number of tokens will remain the same).
Adding a check to prevent deprecating a market that has already been deprecated is sensible - will discuss with team.
JasoonS
Evert0x
dic0de
high
Market Can Be Deprecated more than once
Summary
The
MarketCore.solcontract has a deprecate mechanism as a fall back mechanism in case of a black swan event. The call to deprecate the market can be done through the two following means:deprecateMarketNoOracleUpdates ()https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L625-L630.admininitiates the deprecate process as shown here https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L632-L635.Both means to deprecate the market further calls the internal
_deprecateMarket ()function which updates theepochInfo.latestExecutedEpochIndexas shown here https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L602-L621.The changed
epochInfo.latestExecutedEpochIndexis used in the calculation of the amount when users are exiting the deprecated market as shownuint256 amount = balance.mul(poolToken_priceSnapshot[epochInfo.latestExecutedEpochIndex][poolType][poolIndex]);in the_exitDeprecatedMarket ()function as shown here: https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L639-L662As such, repetitive invocation of the
_deprecateMarket ()function will inflate theepochInfo.latestExecutedEpochIndexby 2 as shownepochInfo.latestExecutedEpochIndex += 2;which will affect the users' withdrawn amounts when they exit the deprecated market.Vulnerability Detail
The means to deprecate the market calls the internal
_deprecateMarket ()function which updates theepochInfo.latestExecutedEpochIndexas shown here https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L602-L621.The changed
epochInfo.latestExecutedEpochIndexis used in the calculation of the amount when users are exiting the deprecated market as shownuint256 amount = balance.mul(poolToken_priceSnapshot[epochInfo.latestExecutedEpochIndex][poolType][poolIndex]);in the_exitDeprecatedMarket ()function as shown here: https://github.com/sherlock-audit/2022-11-float-capital/blob/main/contracts/market/template/MarketCore.sol#L639-L662Impact
Repetitive invocation of the
_deprecateMarket ()function will inflate theepochInfo.latestExecutedEpochIndexby 2 which will affect the users' withdrawn amounts when they exit the deprecated market.Code Snippet
Tool used
Manual Review
Recommendation
Consider ensuring
deprecateMarket ()cannot be invoked more than once.