Gorgeous Cobalt Frog - Markets that have been created with the removed Market Config will keep on selling and buying votes #130
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Gorgeous Cobalt Frog
Medium
Markets that have been created with the removed Market Config will keep on selling and buying votes
Summary
removeMarketConfig()allows the owner to controle the :liquidity, basePrice, creationCost
the issue is that the already created market will keep existing, this may lead to a critical issues
as a malicious user could abuse the removed liquidity parameter, which makes it possible to drain funds
from the market
Root Cause
MarketConfig.liquidityfor a critical reasonMarketConfig.liquidityparameter could be an issue in the calculation, and there is no mechanism that's allow the owner to control existing markets.Internal Pre-conditions
Using a Logarithmic Market Scoring Rule (LMSR), vote prices fluctuate dynamically based on demand, when the demand is high the code is designed to allow the owner to update the
MarketConfig.liquidityto prevent funds draining.External Pre-conditions
No response
Attack Path
No response
Impact
Owner is prevented from one of the key functionalities.
PoC
The Protocol allows the Owner to addMarketConfig() and removeMarketConfig() .
but there is no mechanism to change the created markets parameters.
Mitigation
No response
The text was updated successfully, but these errors were encountered: