Oighty
commented
1 year ago I went back and forth on this. The idea is that allowing a maxDiscount of 100% implies no minimum price, but does allow a potential situation where 0 quote tokens are required to drain the market capacity. fixedDiscount and baseDiscount are not allowed to be 100% because that would definitely mean it would be free. We'll consider implementing the change, but the practical difference between a 100% discount and a 99.999% discount is negligible. At the end of the day, this doesn't materially change the risk.
MultiSig
medium
minPrice Can Be 0 If maxDiscountFromCurrent Is Set To ONE_HUNDRED_PERCENT
Summary
The minPrice of bonds can be 0 if maxDiscountFromCurrent is set to ONE_HUNDRED_PERCENT. Thus, the bonds don't have a minimum price, and if the discounted price keeps going down, the market maker will lose a large amount of money due to the unexpectedly low price.
Vulnerability Detail
When
maxDiscountFromCurrentis accidentally set to 1e5 ( which might be a typo for 1e4), thenmaxDiscountFromCurrentwill bypass the check andterm.minPricewill be 0 as 0 divides 1e5.https://github.com/sherlock-audit/2023-02-bond/blob/main/bonds/src/bases/BondBaseOFDA.sol#L162-L168
https://github.com/sherlock-audit/2023-02-bond/blob/main/bonds/src/bases/BondBaseOSDA.sol#L165-L172
Impact
In the event that the maxDicountFromCurrent is set wrongly, the discounted price can keep reaching down without a floor, and if that happens, the fatest taker will extract as many payout tokens as possible before reaching the
maxPayoutlimit from the market. Taker gain is maker loss.Code Snippet
https://github.com/sherlock-audit/2023-02-bond/blob/main/bonds/src/bases/BondBaseOFDA.sol#L162-L168
https://github.com/sherlock-audit/2023-02-bond/blob/main/bonds/src/bases/BondBaseOSDA.sol#L165-L172
Tool used
Manual Review
Recommendation
consider disallowing max discount to be ONE_HUNDREDPERCENT or hard code a min price. `if (params.maxDiscountFromCurrent >= ONE_HUNDRED_PERCENT) revert Auctioneer_InvalidParams();`