@nuevoalex
Last active August 13, 2018 18:40

Known Contract Bugs

The following vulnerabilities / bugs are already known and are not eligible for bounty:

Incorrect Reporting Fee Calculation

The reporting fee in Augur is calculated and adjusted by comparing the open interest (OI) within the platform to a target OI, which is based on the price of REP. The goal is to dynamically adjust the fee rate downward when the price is too speculative and upward when the price does not reflect the fees being collected.

There is, however, an error in the current contracts that will prevent the fee from ever rising. Namely, the getRepMarketCapInAttoeth function does not properly convert units, so its result will always be many orders of magnitude too high when compared to the target market cap.

While this is a very serious problem for the platform long term, the intention is to release a v2 of the contracts within a relatively short time frame, and since the price of REP is still highly speculative relative to OI, this will almost certainly not become a problem.

Orderbook Linked List Ordering Bugs

The structure and logic for the on-chain orderbook is spread throughout multiple contracts and is somewhat complex. While it generally works correctly, there are a few known contract logic errors which can cause the orderbook to end up in a broken state.

The first is in the OrdersFetcher contract, within the descendOrderList function. Note that if it finds an order of equal price it stops traversing. This is incorrect behavior, since a new order of the same price should be considered worse than all orders of that price rather than just the first found. The result is incorrectly ordered orders of the same price, which, while not technically correct, is a minor issue.

The second ordering bug is found in the Orders contract, in the updateWorstBidOrder and updateWorstAskOrder functions. Both of these will only update the respective best and worst orders when they are strictly worse price-wise. A new order of the same price, however, should actually become the new worst order. The result of this bug is that the linked list can become broken and orders may end up being hidden in the orderbook. Steps within the UI have already been implemented to help order creators in the rare cases when this occurs.
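
The two ordering rules described above, as a simplified Python model added here for illustration (not Augur's contract code; the function names, the (sequence, price) tuple layout and the sample book are assumptions). It places bids using the described stop-on-equal and strict-comparison behaviours beside the corrected ones and checks the result against the ordering invariants.

```python
# Simplified model of the bid side of an order book, best price first.
# Orders are (arrival_sequence, price) tuples. All names are hypothetical;
# this models the behaviour described in the text, not the Solidity source.

BOOK = [(1, 10), (2, 9), (3, 9), (4, 8)]   # constructed sample book
WORST = (4, 8)                             # worst-bid pointer for BOOK


def insert_index(book, price, stop_on_equal):
    """Position for a new bid when walking the book from best to worst."""
    for i, (_, p) in enumerate(book):
        if p < price:
            return i          # new bid is strictly better than this order
        if stop_on_equal and p == price:
            return i + 1      # described bug: stop at the first equal price
    return len(book)          # no strictly worse order found: goes last


def update_worst(worst, new, strict):
    """Worst-bid pointer after `new` has been placed."""
    if worst is None or new[1] < worst[1]:
        return new
    if not strict and new[1] == worst[1]:
        return new            # equal price: the newer order is the worse one
    return worst              # with strict=True a tie leaves the pointer stale


def place(book, worst, order, stop_on_equal, strict):
    """Insert `order`; return the new (book, worst) pair."""
    i = insert_index(book, order[1], stop_on_equal)
    return book[:i] + [order] + book[i:], update_worst(worst, order, strict)


def invariants_hold(book, worst):
    """Price-then-arrival ordering holds and `worst` is the list tail."""
    ordered = book == sorted(book, key=lambda o: (-o[1], o[0]))
    return ordered and (not book or worst == book[-1])


if __name__ == "__main__":
    for stop_on_equal, strict in [(True, True), (False, False)]:
        book, worst = place(BOOK, WORST, (5, 9), stop_on_equal, strict)
        book, worst = place(book, worst, (6, 8), stop_on_equal, strict)
        print(stop_on_equal, strict, book, worst, invariants_hold(book, worst))
```

The `invariants_hold` check is the kind of assertion a test suite or off-chain monitor can run over a reconstructed book to flag either condition.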
