w42d3n - Uncontrolled Registry in MarketFactory.sol

[sherlock-admin3]

w42d3n

medium

Uncontrolled Registry in MarketFactory.sol

Summary

A vulnerability lies in the function create, whereby a new market is created. The control over the registry of markets is not enforced effectively.

Vulnerability Detail

When the market is created, there is only a check for the instance of the oracle and if a market already exists for that particular oracle alone. There is no control over who can register a new oracle-provider market pair in the _markets mapping. This functionality should ideally be limited to trusted parties (like the owner of the contract) to prevent misuse.

Impact

In the event that an attacker can register a malicious oracle-provider market pair, they can potentially manipulate the newly created market's behaviours (oracle prices, etc.), which will affect all operations related to that market.

Code Snippet

The affected code snippet is in the create function.

newMarket = IMarket(address(_create(abi.encodeCall(IMarket.initialize, (definition)))));
_markets[definition.oracle][address(0)] = newMarket;

Tool used

Manual Review

Recommendation

The recommended fix is to add an authorization check within the create function that prevents any untrusted party from adding a new oracleProvider and market pair to the _markets mapping. Typically, this kind of operation should only be performed by the contract's owner or any other trusted entity.

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

panprog commented:

invalid, there is onlyOwner modifier

[nevillehuang]

Invalid, markets can only be created by admins as indicated by onlyOwner modifier as seen here, trusted to deploy them appropriately