fat32 - SWC-101 Arithmetic Underflow on parameter params.baseDiscount. BondFixedExpiryOSDAV1.t.sol BondFixedExpiryOSDA.sol function testCorrectness_CannotCreateMarketWithInvalidParams() params.baseDiscount

[sherlock-admin]

fat32

medium

SWC-101 Arithmetic Underflow on parameter params.baseDiscount. BondFixedExpiryOSDAV1.t.sol BondFixedExpiryOSDA.sol function testCorrectness_CannotCreateMarketWithInvalidParams() params.baseDiscount

SWC-101 Arithmetic Underflow on parameter params.baseDiscount. BondFixedExpiryOSDAV1.t.sol BondFixedExpiryOSDA.sol function testCorrectness_CannotCreateMarketWithInvalidParams() params.baseDiscount

Summary

The Base discount must be between 0 and 100e3 (100%) (but not 100e3). But it does not revert when using integer overflow. 1 call to test the Base discount must be between 0 and 100e3 (100%) (but not 100e3) using underflow does not revert even though the underflow sets the value to 100e3. The result is market created with several payout tokens.

Vulnerability Detail

// In the function
// function testCorrectness_CannotCreateMarketWithInvalidParams() 
// the following line was suffixed with integer underflow.  
// Base discount must be between 0 and 100e3 (100%) (but not 100e3)
        params.baseDiscount = uint48(100e3) - uint48(1);  // fat32 ovf
        vm.expectRevert(err);
        auctioneer.createMarket(abi.encode(params));

Impact

The Base discount must be between 0 and 100e3 (100%) (but not 100e3). But it does not revert when using integer overflow. 1 call to test the Base discount must be between 0 and 100e3 (100%) (but not 100e3) using underflow does not revert even though the underflow sets the value to 100e3. The result is market created with several payout tokens.

Code Snippet

Vulnerable code

https://github.com/sherlock-audit/2023-02-bond/blob/main/bonds/src/BondFixedExpiryOSDA.sol#L33-L55

POC> src/2023-02-bond-0xtr3/bonds/src/test/OSDA/BondFixedExpiryOSDAV1.t.sol

// Base discount must be between 0 and 100e3 (100%) (but not 100e3)
        params.baseDiscount = uint48(100e3) - uint48(1);
        vm.expectRevert(err);
        auctioneer.createMarket(abi.encode(params));

forge test -vvv --match-path src/test/OSDA/BondFixedExpiryOSDAV1.t.sol

Tool used

Foundry and Visual Studio Code.

Manual Review Log File:

forge test -vvv --match-path src/test/OSDA/BondFixedExpiryOSDAV1.t.sol
[⠆] Compiling...
No files changed, compilation skipped

Running 42 tests for src/test/OSDA/BondFixedExpiryOSDAV1.t.sol:BondFixedExpiryOSDAV1Test
[PASS] testCorrectness_BondTokenCannotRedeemBeforeExpiry(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1036, ~: 1026)
[PASS] testCorrectness_BondTokenMetadata(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1037, ~: 1028)
[PASS] testCorrectness_BondTokenMustBeCreatedByTeller(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1035, ~: 1026)
[PASS] testCorrectness_BondTokenRedemption(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1010, ~: 1004)
[PASS] testCorrectness_BondTokensIssued(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1037, ~: 1028)
[FAIL. Reason: Call did not revert as expected] testCorrectness_CannotCreateMarketWithInvalidParams() (gas: 4675985)
Traces:
  [4667585] BondFixedExpiryOSDAV1Test::testCorrectness_CannotCreateMarketWithInvalidParams() 
    ├─ [762949] → new MockERC20@0xA4AD4f68d0b91CFD19687c881e50f3A00242828c
    │   └─ ← 3576 bytes of code
    ├─ [762949] → new MockERC20@0x03A6a84cD762D9707A21605b548aaaB891562aAb
    │   └─ ← 3576 bytes of code
    ├─ [46634] MockERC20::mint(0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7, 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7, amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [24734] MockERC20::mint(0x2f66c75A001Ba71ccb135934F48d844b46454543, 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x2f66c75A001Ba71ccb135934F48d844b46454543, amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [24734] MockERC20::mint(0x8CE502537D13f249834eAa02DDe4781EBFe0d40f, 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x8CE502537D13f249834eAa02DDe4781EBFe0d40f, amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [46634] MockERC20::mint(BondFixedExpiryOSDAV1Test: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496], 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: BondFixedExpiryOSDAV1Test: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496], amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [0] VM::prank(0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7) 
    │   └─ ← ()
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: 0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7, spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [0] VM::prank(0x2f66c75A001Ba71ccb135934F48d844b46454543) 
    │   └─ ← ()
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: 0x2f66c75A001Ba71ccb135934F48d844b46454543, spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [0] VM::prank(0x8CE502537D13f249834eAa02DDe4781EBFe0d40f) 
    │   └─ ← ()
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: 0x8CE502537D13f249834eAa02DDe4781EBFe0d40f, spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: BondFixedExpiryOSDAV1Test: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496], spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [22474] MockPriceFeed::setDecimals(18) 
    │   └─ ← ()
    ├─ [22359] MockPriceFeed::setLatestAnswer(50000000000000000000) 
    │   └─ ← ()
    ├─ [22379] MockPriceFeed::setTimestamp(1608336000) 
    │   └─ ← ()
    ├─ [22465] MockPriceFeed::setAnsweredInRound(1) 
    │   └─ ← ()
    ├─ [553] MockPriceFeed::setRoundId(1) 
    │   └─ ← ()
    ├─ [73797] BondChainlinkOracle::setPair(MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], true, 0x000000000000000000000000a0cb889707d426a7a386870a03bc70d1b069759800000000000000000000000000000000000000000000000000000000000151800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000) 
    │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ emit PairUpdated(quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], supported: true)
    │   └─ ← ()
    ├─ [540325] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e20000000000000000000000000000000000000000000000000000000000000271000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000069e10de76676d0800000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fefb780000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [96154] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 0
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [50202] BondChainlinkOracle::registerMarket(0, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(0) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOSDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 0, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(0) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(0) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 0, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609545600)
    │   ├─ [117551] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609545600) 
    │   │   ├─ [1212] MockERC20::name() [staticcall]
    │   │   │   └─ ← Payout Token
    │   │   ├─ [1255] MockERC20::symbol() [staticcall]
    │   │   │   └─ ← BT
    │   │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   ├─ [38858] → new <Unknown>@0xDD4c722d1614128933d6DC7EFA50A6913e804E12
    │   │   │   └─ ← 194 bytes of code
    │   │   ├─ emit ERC20BondTokenCreated(bondToken: 0xDD4c722d1614128933d6DC7EFA50A6913e804E12, underlying: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], expiry: 1609545600)
    │   │   └─ ← 0xDD4c722d1614128933d6DC7EFA50A6913e804E12
    │   └─ ← 0
    ├─ [550] BondFixedExpiryOSDA::marketScale(0) [staticcall]
    │   └─ ← 1000000000000000000000000000000000000
    ├─ [14801] BondFixedExpiryOSDA::marketPrice(0) [staticcall]
    │   ├─ [4901] BondChainlinkOracle::currentPrice(0) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   └─ ← 50000000000000000000000000000000000000
    ├─ [0] VM::expectRevert(Auctioneer_InvalidParams()) 
    │   └─ ← ()
    ├─ [2385] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e200000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe67cff000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   └─ ← "Auctioneer_InvalidParams()"
    ├─ [363276] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e200000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 1
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(1, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(1) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOSDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 1, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(1) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(1) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 1, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 0)
    │   └─ ← 1
    ├─ [480250] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e200000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 2
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(2, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(2) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOSDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 2, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(2) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(2) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 2, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609027200)
    │   ├─ [116455] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609027200) 
    │   │   ├─ [1212] MockERC20::name() [staticcall]
    │   │   │   └─ ← Payout Token
    │   │   ├─ [1255] MockERC20::symbol() [staticcall]
    │   │   │   └─ ← BT
    │   │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   ├─ [38858] → new <Unknown>@0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   │   │   └─ ← 194 bytes of code
    │   │   ├─ emit ERC20BondTokenCreated(bondToken: 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A, underlying: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], expiry: 1609027200)
    │   │   └─ ← 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   └─ ← 2
    ├─ [0] VM::expectRevert(Auctioneer_InvalidParams()) 
    │   └─ ← ()
    ├─ [317615] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e200000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fde93ff) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 3
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(3, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(3) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOSDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 3, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(3) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(3) [staticcall]
    │   │   └─ ← 18
    │   └─ ← "Auctioneer_InvalidParams()"
    ├─ [365160] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e200000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fe13700) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 3
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(3, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(3) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOSDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 3, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(3) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(3) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 3, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609027200)
    │   ├─ [3332] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609027200) 
    │   │   └─ ← 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   └─ ← 3
    ├─ [0] VM::expectRevert(Auctioneer_InvalidParams()) 
    │   └─ ← ()
    ├─ [344315] BondFixedExpiryOSDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff211000000000000000000000000000000000000000000000000000000000001869f00000000000000000000000000000000000000000000000000000000000186a00000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 4
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(4, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(4) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOSDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 4, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(4) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(4) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 4, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609027200)
    │   ├─ [3332] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609027200) 
    │   │   └─ ← 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   └─ ← 4
    └─ ← "Call did not revert as expected"

[PASS] testCorrectness_ConcludeInCorrectAmountOfTime() (gas: 2778081)
[PASS] testCorrectness_CreateMarket(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 991, ~: 982)
[PASS] testCorrectness_FOTPayoutTokenFailsPurchase() (gas: 4565370)
[PASS] testCorrectness_FOTQuoteTokenFailsPurchase() (gas: 4423149)
[PASS] testCorrectness_FeesPaidInQuoteToken() (gas: 3042490)
[PASS] testCorrectness_MarketOwnershipPushAndPull() (gas: 2793120)
[PASS] testCorrectness_MarketScale(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1035, ~: 1027)
[PASS] testCorrectness_OnlyGuardianCanSetAllowNewMarkets() (gas: 2813026)
[PASS] testCorrectness_OnlyGuardianCanSetCreateFeeDiscount() (gas: 2809670)
[PASS] testCorrectness_OnlyGuardianCanSetProtocolFee() (gas: 2808467)
[PASS] testCorrectness_OnlyPolicyCanSetDefaults() (gas: 2817680)
[PASS] testCorrectness_OracleChangeAdjustsPrice(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1014, ~: 1006)
[PASS] testCorrectness_PayoutFor(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1013, ~: 1005)
[PASS] testCorrectness_PriceDecay(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 993, ~: 983)
[PASS] testCorrectness_ProtocolAndReferrerCanRedeemFees() (gas: 3198500)
[PASS] testCorrectness_PurchaseBond(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1060, ~: 1049)
[PASS] testCorrectness_ReferrerCanSetOwnFee() (gas: 2771873)
[PASS] testCorrectness_baseDiscount(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 995, ~: 984)
[PASS] testCorrectness_closeMarket_onlyMarketOwner(address) (runs: 256, μ: 2744641, ~: 2744641)
[PASS] testCorrectness_findMarketFor() (gas: 5840374)
[PASS] testCorrectness_getFee() (gas: 2766351)
[PASS] testCorrectness_isInstantSwap() (gas: 3124033)
[PASS] testCorrectness_isLive(uint48) (runs: 256, μ: 515, ~: 491)
[PASS] testCorrectness_liveMarketsBetween() (gas: 4489679)
[PASS] testCorrectness_liveMarketsBy() (gas: 3568800)
[PASS] testCorrectness_liveMarketsFor() (gas: 5653413)
[PASS] testCorrectness_marketsFor() (gas: 5882514)
[PASS] testCorrectness_maxAmountAccepted(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1017, ~: 1006)
[PASS] testCorrectness_ownerOf(address) (runs: 256, μ: 3128175, ~: 3128175)
[PASS] testCorrectness_purchase_minAmountOut(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1033, ~: 1026)
[PASS] testFail_CannotCreateNewMarketsIfSunset() (gas: 2820467)
[PASS] testFail_CreateMarketParamOutOfBounds(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 56281, ~: 29895)
[PASS] testFuzz_baseDiscount(uint8,uint8,bool,int8,int8,uint8,uint48) (runs: 256, μ: 1084, ~: 1076)
[PASS] testRevert_CannotSetDefaultsOutofBounds() (gas: 2802657)
[PASS] testRevert_purchase_BadOracleFeed(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1037, ~: 1028)
[PASS] test_createMarket_anyAddress(address) (runs: 256, μ: 3125920, ~: 3125920)
Test result: FAILED. 41 passed; 1 failed; finished in 209.97ms

Failing tests:
Encountered 1 failing test in src/test/OSDA/BondFixedExpiryOSDAV1.t.sol:BondFixedExpiryOSDAV1Test
[FAIL. Reason: Call did not revert as expected] testCorrectness_CannotCreateMarketWithInvalidParams() (gas: 4675985)

Encountered a total of 1 failing tests, 41 tests succeeded

Recommendation

Use safe math.

[Oighty]

This is not a finding. See comment in #11