'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Rain Disclosed Report
Audit report Rain Smart Contract Audit ContestDouble Platform Sbare Charging Leads To Smaller WinningPoolShare
hiddenTarget
https://github.com/hackenproof-public/rain-contracts
Vulnerability Details
Description
The enterOption function of the RainPool contract incorrectly charges the platformShare fee twice when executing buy orders that match existing sell orders in the order book.
At the start of enterOption, the protocol deducts the platform fee (platformShare) from the user’s total amount, regardless of whether the funds will be used to buy directly from the protocol or through existing sell orders.
If the order is instead matched with sell orders via _executeSellOrder, the function charges the platformShare again — resulting in double counting of fees on the same amount of funds.
While these double-charged fees aren’t immediately lost by the individual user (since the platformShare is deducted from the winning pool upon market close), they directly impact all users by inflating the platform’s share and reducing the pool’s distributable amount.
Recommendation
To fix the issue, move the platformShare fee calculation in enterOption to the end of the function.
Compute it based on totalAmountUsed, which represents the funds used to buy directly from the protocol (getReturnedShares) and excludes amounts already used for sell order executions (_executeSellOrder).
This ensures consistent fee behavior and prevents double-charging when orders are matched through the order book.
Validation steps
Steps to Reproduce
- Create a market with two options.
- Have
user1enter option 1 and place a sell order for it. - Have
user2buy shares throughenterOption. Since there’s a sell order available, the purchase will execute_executeSellOrder, triggering the platform fee twice. - Have
user3place a buy order with the same amount of funds throughplaceBuyOrder. - Observe that the
platformShareincreases roughly 2x more when usingenterOptionthan when usingplaceBuyOrderfor the same purchase volume.
Proof of Concept Explanation
Execute the test by placing the file at /test folder and running forge test --mt test_Charging_Fees_Twice --fork-url https://arb1.arbitrum.io/rpc -vvv
- The test creates 3 users
- User1 calls
enterOptionwith option 1 and creates a sellOrder throughplaceSellOrder - User2 calls
enterOptionwith option 1 and amount half of the cost of user1's sell order. - User3 calls
placeBuyOrderwith option 1 and amount half of the cost of user1's sell order. - Notice that both users paid the same amount of funds to buy option 1, through different methods.
- User2 increased the
platformShareby ~5000baseToken, while user3 increasedplatformShareby ~2450baseToken. - While both users bought option with the same amount of
baseToken, and by filling a sell order, user3 paid double theplatformShareleading to losses for all the users.
Expected Result
The platformShare should increase proportionally for both users.
Actual Result
enterOption charges roughly double the fee compared to placeBuyOrder for the same volume.
Attachments
hidden 
Comments on this report are hidden 
Details hidden
Participants hidden