Failure to Support Child Markets Due to Hardcoded Parent ID for Collection Calculation
Summary
n the protocol’s prediction market, there is a flaw in the _derivePositionId function where the calculation of collectionId uses a hardcoded value of bytes32(0) for the parent ID. This approach prevents the protocol from supporting child markets or nested questions, as the hardcoded parent ID leads to incorrect collectionId values. This, in turn, results in incorrect positionId values, potentially impacting the correct processing and identification of market positions.
Root Cause
The _derivePositionId function is responsible for calculating the positionId based on the proposal data. When proposal.questionType is Binary, the function calculates the conditionId using the _getConditionId function with parameters like UMA_CTF_ADAPTER, proposal.questionId, and the number of outcomes (2 in this case).
However, the collectionId calculation hardcodes the parentCollectionId to bytes32(0), without any flexibility for nested or child market structures. Code
Since CTF.getCollectionId is called with bytes32(0) as the parent collection ID, the collectionId generated may be incorrect if the protocol intended to support markets that have parent-child relationships or any kind of hierarchy.
In a prediction market protocol that supports nested markets, child markets rely on correctly deriving collection and position IDs based on the parent market. By hardcoding the parent ID, the protocol inadvertently restricts itself to a non-hierarchical market model, making it incompatible with child or dependent markets. This leads to the following issues:
Incorrect collectionId: Due to the hardcoded parent ID, the collectionId generated for markets with child relationships will be incorrect.
Incorrect positionId: As a result of the incorrect collectionId, the positionId derived using this collectionId will also be incorrect, impacting further calculations and market operations.
Protocol Incompatibility: Markets or questions with dependencies (such as child markets) cannot be accurately represented within the protocol. This severely limits the protocol's flexibility and functionality.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
The hardcoded parent ID in collectionId calculation creates the following problems:
Gorgeous Sangria Ant
Medium
Failure to Support Child Markets Due to Hardcoded Parent ID for Collection Calculation
Summary
n the protocol’s prediction market, there is a flaw in the _derivePositionId function where the calculation of collectionId uses a hardcoded value of bytes32(0) for the parent ID. This approach prevents the protocol from supporting child markets or nested questions, as the hardcoded parent ID leads to incorrect collectionId values. This, in turn, results in incorrect positionId values, potentially impacting the correct processing and identification of market positions.
Root Cause
The _derivePositionId function is responsible for calculating the positionId based on the proposal data. When proposal.questionType is Binary, the function calculates the conditionId using the _getConditionId function with parameters like UMA_CTF_ADAPTER, proposal.questionId, and the number of outcomes (2 in this case).
However, the collectionId calculation hardcodes the parentCollectionId to bytes32(0), without any flexibility for nested or child market structures. Code
Since CTF.getCollectionId is called with bytes32(0) as the parent collection ID, the collectionId generated may be incorrect if the protocol intended to support markets that have parent-child relationships or any kind of hierarchy.
In a prediction market protocol that supports nested markets, child markets rely on correctly deriving collection and position IDs based on the parent market. By hardcoding the parent ID, the protocol inadvertently restricts itself to a non-hierarchical market model, making it incompatible with child or dependent markets. This leads to the following issues:
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
The hardcoded parent ID in collectionId calculation creates the following problems:
PoC
No response
Mitigation
No response