Rain Disclosed Report

DoS via Blacklisted Address in Order Matching Logic


Target

https://github.com/hackenproof-public/rain-contracts

Vulnerability Details

SUMMARY

A blacklisted user with an active order (especially one at the best bid/ask) can DoS the entire pool. The pool always tries to match new enterOption/buy/sell orders against the best order first. If that order belongs to an address on the USDC/USDT blacklist, the safeTransfer call in _executeSellOrder() reverts, which effectively freezes the pool's ability to process new trades.

The root cause sequence is as follows:

  • firstSellOrderPrice[option] or firstBuyOrderPrice[option] points to an order owned by the blacklisted address.
  • When a new trade triggers _executeSellOrder(), it calls:
      IERC20(baseToken).safeTransfer(sellerAddress, userAmount);
  • Since USDC reverts on transfers to or from blacklisted addresses, the entire call reverts.
  • The revert halts execution: other valid sell orders are never reached, and the enterOption() / placeBuyOrder() transaction fails.

IMPACT

  • Causes Denial of Service (DoS) for trading and option entry functions tied to the affected option.

MITIGATION

  • Implement a try/catch around the transfer so that a blacklisted user's order can be skipped.
  • Add logic that lets the protocol cancel orders, rather than only the user who placed the order.
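The sketch below, added here as an illustration and not code from the Rain repository, puts the vulnerable payout shape next to a hardened one that follows both mitigations above: the external transfer is isolated with try/catch and, instead of being dropped, an undeliverable amount is booked for later withdrawal, and a protocol role can cancel a stuck order. Only baseToken, sellerAddress, userAmount, firstSellOrderPrice and firstBuyOrderPrice are names from the report; the contract, owed, orderOwner, protocolAdmin and all function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal ERC-20 surface for this example (constructed; not the project's interface).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}
// Only `baseToken`, `sellerAddress` and `userAmount` come from the report; every other
// name here (contract, `owed`, `orderOwner`, `protocolAdmin`, function names) is assumed.
contract HardenedPayout {
    address public immutable baseToken;
    address public immutable protocolAdmin;        // assumed role allowed to cancel stuck orders
    mapping(address => uint256) public owed;       // proceeds a seller could not receive yet
    mapping(uint256 => address) public orderOwner; // assumed: orderId => seller
    event PayoutDeferred(address indexed seller, uint256 amount);

    constructor(address token, address admin) { baseToken = token; protocolAdmin = admin; }

    // Vulnerable shape, for contrast: a reverting transfer (USDC blacklist) aborts the whole
    // match, so every order queued behind this seller becomes unreachable.
    function _payoutVulnerable(address sellerAddress, uint256 userAmount) internal {
        require(IERC20(baseToken).transfer(sellerAddress, userAmount), "transfer failed");
    }

    // Hardened shape: try/catch only wraps external calls, so the raw ERC-20 call is used
    // instead of the internal SafeERC20.safeTransfer. A revert or a `false` return is
    // booked to `owed` and matching continues. (Malformed return data is not caught.)
    function _payoutHardened(address sellerAddress, uint256 userAmount) internal {
        try IERC20(baseToken).transfer(sellerAddress, userAmount) returns (bool ok) {
            if (ok) return;
        } catch {}
        owed[sellerAddress] += userAmount;
        emit PayoutDeferred(sellerAddress, userAmount);
    }

    // Pull payment: the seller collects later; a blacklisted seller's claim just sits here.
    function withdrawOwed() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        require(IERC20(baseToken).transfer(msg.sender, amount), "transfer failed");
    }

    // Second mitigation from the report: the protocol, not only the owner, may cancel.
    function adminCancelOrder(uint256 orderId) external {
        require(msg.sender == protocolAdmin, "not admin");
        require(orderOwner[orderId] != address(0), "no such order");
        delete orderOwner[orderId];
        // unlinking from firstSellOrderPrice / firstBuyOrderPrice bookkeeping is omitted
    }
}
```

A Foundry test for the hardened path would deploy a mock token whose transfer reverts for one address, place that address at the head of the book, and assert that a subsequent match succeeds while owed[seller] equals the deferred amount.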

Validation steps

INSTRUCTION

  • Create the files, then copy and paste the code into them from the file below or the GitHub repo.
  • Then run: forge test --mt test_submission -vvv

Details

Severity: High
Bounty: $85
Visibility: partially
Vulnerability: DoS with (Unexpected) revert