fat32 - SWC-101 Arithmetic Underflow on parameter params.fixedDiscount. BondFixedExpiryOFDAV1.t.sol function testCorrectness_CannotCreateMarketWithInvalidParams() params.fixedDiscount

[sherlock-admin]

fat32

medium

SWC-101 Arithmetic Underflow on parameter params.fixedDiscount. BondFixedExpiryOFDAV1.t.sol function testCorrectness_CannotCreateMarketWithInvalidParams() params.fixedDiscount

SWC-101 Arithmetic Underflow on parameter params.fixedDiscount. BondFixedExpiryOFDAV1.t.sol function testCorrectness_CannotCreateMarketWithInvalidParams() params.fixedDiscount

Summary

The Fixed discount must be between 0 and 100e3 (100%) (but not 100e3). But it does not revert when using integer underflow. 1 call to test the Fixed discount must be between 0 and 100e3 (100%) (but not 100e3) using underflow does not revert even though the underflow sets the value to 100e3.

Vulnerability Detail

https://github.com/sherlock-audit/2023-02-bond/blob/main/bonds/src/BondFixedExpiryOFDA.sol#L41-L62

Impact

The Fixed discount must be between 0 and 100e3 (100%) (but not 100e3). But it does not revert when using integer underflow. 1 call to test the Fixed discount must be between 0 and 100e3 (100%) (but not 100e3) using underflow does not revert even though the underflow sets the value to 100e3.

Code Snippet

POC> src/test/OFDA/BondFixedExpiryOFDAV1.t.sol

// Fixed discount must be between 0 and 100e3 (100%) (but not 100e3)
        params.fixedDiscount = uint48(100e3) - uint48(1); // fat32 udf
        vm.expectRevert(err);
        auctioneer.createMarket(abi.encode(params));

forge test -vvv --match-path src/test/OFDA/BondFixedExpiryOFDAV1.t.sol

Tool used

Foundry and Visual Studio Code.

Manual Review Log File:

forge test -vvv --match-path src/test/OFDA/BondFixedExpiryOFDAV1.t.sol
[⠰] Compiling...
No files changed, compilation skipped

Running 41 tests for src/test/OFDA/BondFixedExpiryOFDAV1.t.sol:BondFixedExpiryOFDAV1Test
[PASS] testCorrectness_BondTokenCannotRedeemBeforeExpiry(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1037, ~: 1026)
[PASS] testCorrectness_BondTokenMetadata(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 992, ~: 984)
[PASS] testCorrectness_BondTokenMustBeCreatedByTeller(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1014, ~: 1004)
[PASS] testCorrectness_BondTokenRedemption(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1012, ~: 1004)
[PASS] testCorrectness_BondTokensIssued(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1016, ~: 1006)
[FAIL. Reason: Call did not revert as expected] testCorrectness_CannotCreateMarketWithInvalidParams() (gas: 4683509)
Traces:
  [4675109] BondFixedExpiryOFDAV1Test::testCorrectness_CannotCreateMarketWithInvalidParams() 
    ├─ [762949] → new MockERC20@0xA4AD4f68d0b91CFD19687c881e50f3A00242828c
    │   └─ ← 3576 bytes of code
    ├─ [762949] → new MockERC20@0x03A6a84cD762D9707A21605b548aaaB891562aAb
    │   └─ ← 3576 bytes of code
    ├─ [46634] MockERC20::mint(0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7, 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7, amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [24734] MockERC20::mint(0x2f66c75A001Ba71ccb135934F48d844b46454543, 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x2f66c75A001Ba71ccb135934F48d844b46454543, amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [24734] MockERC20::mint(0x8CE502537D13f249834eAa02DDe4781EBFe0d40f, 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: 0x8CE502537D13f249834eAa02DDe4781EBFe0d40f, amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [46634] MockERC20::mint(BondFixedExpiryOFDAV1Test: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496], 1000000000000000000000000000) 
    │   ├─ emit Transfer(from: 0x0000000000000000000000000000000000000000, to: BondFixedExpiryOFDAV1Test: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496], amount: 1000000000000000000000000000)
    │   └─ ← ()
    ├─ [0] VM::prank(0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7) 
    │   └─ ← ()
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: 0x9aF2E2B7e57c1CD7C68C5C3796d8ea67e0018dB7, spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [0] VM::prank(0x2f66c75A001Ba71ccb135934F48d844b46454543) 
    │   └─ ← ()
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: 0x2f66c75A001Ba71ccb135934F48d844b46454543, spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [0] VM::prank(0x8CE502537D13f249834eAa02DDe4781EBFe0d40f) 
    │   └─ ← ()
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: 0x8CE502537D13f249834eAa02DDe4781EBFe0d40f, spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [24521] MockERC20::approve(BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], 1000000000000000000000000000) 
    │   ├─ emit Approval(owner: BondFixedExpiryOFDAV1Test: [0x7FA9385bE102ac3EAc297483Dd6233D62b3e1496], spender: BondFixedExpiryTeller: [0x5991A2dF15A8F6A256D3Ec51E99254Cd3fb576A9], amount: 1000000000000000000000000000)
    │   └─ ← true
    ├─ [22474] MockPriceFeed::setDecimals(18) 
    │   └─ ← ()
    ├─ [22359] MockPriceFeed::setLatestAnswer(50000000000000000000) 
    │   └─ ← ()
    ├─ [22379] MockPriceFeed::setTimestamp(1608336000) 
    │   └─ ← ()
    ├─ [22465] MockPriceFeed::setAnsweredInRound(1) 
    │   └─ ← ()
    ├─ [553] MockPriceFeed::setRoundId(1) 
    │   └─ ← ()
    ├─ [73797] BondChainlinkOracle::setPair(MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], true, 0x000000000000000000000000a0cb889707d426a7a386870a03bc70d1b069759800000000000000000000000000000000000000000000000000000000000151800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000120000000000000000000000000000000000000000000000000000000000000000) 
    │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ emit PairUpdated(quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], supported: true)
    │   └─ ← ()
    ├─ [540039] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff2110000000000000000000000000000000000000000000000000000000000002710000000000000000000000000000000000000000000000000000000000000753000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000069e10de76676d0800000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fefb780000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [96154] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 0
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [50202] BondChainlinkOracle::registerMarket(0, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(0) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOFDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 0, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(0) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(0) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 0, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609545600)
    │   ├─ [117551] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609545600) 
    │   │   ├─ [1212] MockERC20::name() [staticcall]
    │   │   │   └─ ← Payout Token
    │   │   ├─ [1255] MockERC20::symbol() [staticcall]
    │   │   │   └─ ← BT
    │   │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   ├─ [38858] → new <Unknown>@0xDD4c722d1614128933d6DC7EFA50A6913e804E12
    │   │   │   └─ ← 194 bytes of code
    │   │   ├─ emit ERC20BondTokenCreated(bondToken: 0xDD4c722d1614128933d6DC7EFA50A6913e804E12, underlying: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], expiry: 1609545600)
    │   │   └─ ← 0xDD4c722d1614128933d6DC7EFA50A6913e804E12
    │   └─ ← 0
    ├─ [550] BondFixedExpiryOFDA::marketScale(0) [staticcall]
    │   └─ ← 1000000000000000000000000000000000000
    ├─ [6973] BondFixedExpiryOFDA::marketPrice(0) [staticcall]
    │   ├─ [4901] BondChainlinkOracle::currentPrice(0) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   └─ ← 45000000000000000000000000000000000000
    ├─ [0] VM::expectRevert(Auctioneer_InvalidParams()) 
    │   └─ ← ()
    ├─ [2262] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000027100000000000000000000000000000000000000000000000000000000000007530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe67cff000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   └─ ← "Auctioneer_InvalidParams()"
    ├─ [362573] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000027100000000000000000000000000000000000000000000000000000000000007530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 1
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(1, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(1) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOFDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 1, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(1) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(1) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 1, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 0)
    │   └─ ← 1
    ├─ [479548] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000027100000000000000000000000000000000000000000000000000000000000007530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 2
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(2, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(2) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOFDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 2, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(2) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(2) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 2, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609027200)
    │   ├─ [116455] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609027200) 
    │   │   ├─ [1212] MockERC20::name() [staticcall]
    │   │   │   └─ ← Payout Token
    │   │   ├─ [1255] MockERC20::symbol() [staticcall]
    │   │   │   └─ ← BT
    │   │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   ├─ [38858] → new <Unknown>@0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   │   │   └─ ← 194 bytes of code
    │   │   ├─ emit ERC20BondTokenCreated(bondToken: 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A, underlying: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], expiry: 1609027200)
    │   │   └─ ← 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   └─ ← 2
    ├─ [0] VM::expectRevert(Auctioneer_InvalidParams()) 
    │   └─ ← ()
    ├─ [337383] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000027100000000000000000000000000000000000000000000000000000000000007530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fde93ff) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 3
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(3, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(3) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOFDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 3, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(3) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(3) [staticcall]
    │   │   └─ ← 18
    │   └─ ← "Auctioneer_InvalidParams()"
    ├─ [364458] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff21100000000000000000000000000000000000000000000000000000000000027100000000000000000000000000000000000000000000000000000000000007530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fe13700) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 3
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(3, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(3) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOFDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 3, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(3) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(3) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 3, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609027200)
    │   ├─ [3332] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609027200) 
    │   │   └─ ← 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   └─ ← 3
    ├─ [0] VM::expectRevert(Auctioneer_InvalidParams()) 
    │   └─ ← ()
    ├─ [343613] BondFixedExpiryOFDA::createMarket(0x000000000000000000000000a4ad4f68d0b91cfd19687c881e50f3a00242828c00000000000000000000000003a6a84cd762d9707a21605b548aaab891562aab00000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d1499e622d69689cdf9004d05ec547d650ff211000000000000000000000000000000000000000000000000000000000001869f00000000000000000000000000000000000000000000000000000000000186a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021e19e0c9bab2400000000000000000000000000000000000000000000000000000000000000000ec40000000000000000000000000000000000000000000000000000000005fe7ce80000000000000000000000000000000000000000000000000000000005fe67d00) 
    │   ├─ [68254] BondAggregator::registerMarket(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb]) 
    │   │   └─ ← 4
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [249] MockERC20::decimals() [staticcall]
    │   │   └─ ← 18
    │   ├─ [48202] BondChainlinkOracle::registerMarket(4, MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c]) 
    │   │   ├─ [499] BondAggregator::getAuctioneer(4) [staticcall]
    │   │   │   └─ ← BondFixedExpiryOFDA: [0xc7183455a4C133Ae270771860664b6B7ec320bB1]
    │   │   ├─ emit MarketRegistered(id: 4, quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c])
    │   │   └─ ← ()
    │   ├─ [4901] BondChainlinkOracle::currentPrice(4) [staticcall]
    │   │   ├─ [723] MockPriceFeed::latestRoundData() [staticcall]
    │   │   │   └─ ← 1, 50000000000000000000, 0, 1608336000, 1
    │   │   ├─ [364] MockPriceFeed::decimals() [staticcall]
    │   │   │   └─ ← 18
    │   │   └─ ← 50000000000000000000
    │   ├─ [1288] BondChainlinkOracle::decimals(4) [staticcall]
    │   │   └─ ← 18
    │   ├─ emit MarketCreated(id: 4, payoutToken: MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], quoteToken: MockERC20: [0x03A6a84cD762D9707A21605b548aaaB891562aAb], vesting: 1609027200)
    │   ├─ [3332] BondFixedExpiryTeller::deploy(MockERC20: [0xA4AD4f68d0b91CFD19687c881e50f3A00242828c], 1609027200) 
    │   │   └─ ← 0x7ff9C67c93D9f7318219faacB5c619a773AFeF6A
    │   └─ ← 4
    └─ ← "Call did not revert as expected"

[PASS] testCorrectness_ConcludeInCorrectAmountOfTime() (gas: 2769220)
[PASS] testCorrectness_CreateMarket(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 11897, ~: 1027)
[PASS] testCorrectness_FOTPayoutTokenFailsPurchase() (gas: 4480238)
[PASS] testCorrectness_FOTQuoteTokenFailsPurchase() (gas: 4338017)
[PASS] testCorrectness_FeesPaidInQuoteToken() (gas: 2986024)
[PASS] testCorrectness_MarketOwnershipPushAndPull() (gas: 2768272)
[PASS] testCorrectness_MarketScale(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1014, ~: 1005)
[PASS] testCorrectness_OnlyGuardianCanSetAllowNewMarkets() (gas: 2804437)
[PASS] testCorrectness_OnlyGuardianCanSetCreateFeeDiscount() (gas: 2780777)
[PASS] testCorrectness_OnlyGuardianCanSetProtocolFee() (gas: 2779552)
[PASS] testCorrectness_OnlyPolicyCanSetDefaults() (gas: 2788765)
[PASS] testCorrectness_OracleChangeAdjustsPrice(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 994, ~: 984)
[PASS] testCorrectness_PayoutFor(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 992, ~: 983)
[PASS] testCorrectness_ProtocolAndReferrerCanRedeemFees() (gas: 3078751)
[PASS] testCorrectness_PurchaseBond(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1037, ~: 1027)
[PASS] testCorrectness_ReferrerCanSetOwnFee() (gas: 2743045)
[PASS] testCorrectness_closeMarket_onlyMarketOwner(address) (runs: 256, μ: 2715707, ~: 2715707)
[PASS] testCorrectness_findMarketFor() (gas: 5671267)
[PASS] testCorrectness_fixedDiscount(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 992, ~: 984)
[PASS] testCorrectness_getFee() (gas: 2737503)
[PASS] testCorrectness_isInstantSwap() (gas: 3094343)
[PASS] testCorrectness_isLive(uint48) (runs: 256, μ: 490, ~: 469)
[PASS] testCorrectness_liveMarketsBetween() (gas: 4446216)
[PASS] testCorrectness_liveMarketsBy() (gas: 3510087)
[PASS] testCorrectness_liveMarketsFor() (gas: 5623086)
[PASS] testCorrectness_marketsFor() (gas: 5682680)
[PASS] testCorrectness_maxAmountAccepted(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1060, ~: 1048)
[PASS] testCorrectness_ownerOf(address) (runs: 256, μ: 3098480, ~: 3098480)
[PASS] testCorrectness_purchase_minAmountOut(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1012, ~: 1004)
[PASS] testFail_CannotCreateNewMarketsIfSunset() (gas: 2811302)
[PASS] testFail_CreateMarketParamOutOfBounds(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 59090, ~: 29932)
[PASS] testFuzz_fixedDiscount(uint8,uint8,bool,int8,int8,uint8,uint48) (runs: 256, μ: 1108, ~: 1096)
[PASS] testRevert_CannotSetDefaultsOutofBounds() (gas: 2773764)
[PASS] testRevert_purchase_BadOracleFeed(uint8,uint8,bool,int8,int8,uint8) (runs: 256, μ: 1014, ~: 1006)
[PASS] test_createMarket_anyAddress(address) (runs: 256, μ: 3096225, ~: 3096225)
Test result: FAILED. 40 passed; 1 failed; finished in 207.56ms

Failing tests:
Encountered 1 failing test in src/test/OFDA/BondFixedExpiryOFDAV1.t.sol:BondFixedExpiryOFDAV1Test
[FAIL. Reason: Call did not revert as expected] testCorrectness_CannotCreateMarketWithInvalidParams() (gas: 4683509)

Encountered a total of 1 failing tests, 40 tests succeeded

Recommendation

Use safe math.

[Oighty]

This is not a finding. See comment on #11