[Market] Off-by-one error allows exceeding OrderMaxBids limit #413

@KentaMori115

Labels: bug, security, market

Describe the bug
The bid count validation check uses > instead of >=, allowing one more bid to be created than the OrderMaxBids parameter allows. This violates the intended limit.

Location: x/market/handler/server.go:43

Code:

if ms.keepers.Market.BidCountForOrder(ctx, msg.ID.OrderID()) > params.OrderMaxBids {
    return nil, fmt.Errorf("%w: too many existing bids (%v)", v1.ErrInvalidBid, params.OrderMaxBids)
}

Impact:

  • Violates parameter limits
  • Inconsistent with intended behavior

To Reproduce

  1. Set OrderMaxBids parameter to 20
  2. Create exactly 20 bids for an order
  3. Attempt to create a 21st bid
  4. Observed: Bid creation succeeds (should fail)
  5. Expected: Bid creation should be rejected

Expected behavior
When the current bid count equals OrderMaxBids, new bid creation should be rejected. The check should use >= instead of >.

Proposed Fix:

if ms.keepers.Market.BidCountForOrder(ctx, msg.ID.OrderID()) >= params.OrderMaxBids {
    return nil, fmt.Errorf("%w: too many existing bids (%v)", v1.ErrInvalidBid, params.OrderMaxBids)
}

Additional context

  • Default OrderMaxBids is 20 (from x/market/simulation/genesis.go:18)
  • This bug allows creating OrderMaxBids + 1 bids total
  • Related issue: BidCountForOrder counts all bid states (Open/Active/Closed), which may also need review

Labels: repo/node (Akash node repo issues)

Status: Backlog (not prioritized)
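
The boundary behaviour reported above can be reproduced with a small stand-alone model. This is an added example, not part of the original issue or the Akash code base: `order`, `createBid`, `fill`, `acceptedBids` and `slotFreedByClose` are hypothetical names, and the counter is assumed to include closed bids, as the issue says `BidCountForOrder` does.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model of the check in the issue; not the Akash keeper API.
var errInvalidBid = errors.New("invalid bid")

// order records one entry per bid ever created (true = closed). As the issue
// notes for BidCountForOrder, the count includes closed bids.
type order struct{ closed []bool }

func (o *order) count() uint32 { return uint32(len(o.closed)) }

// createBid: strict=false is the reported check (>), strict=true the proposed fix (>=).
func (o *order) createBid(maxBids uint32, strict bool) error {
	n := o.count()
	if (strict && n >= maxBids) || (!strict && n > maxBids) {
		return fmt.Errorf("%w: too many existing bids (%v)", errInvalidBid, maxBids)
	}
	o.closed = append(o.closed, false)
	return nil
}

// fill submits bids until the first rejection and returns the resulting order.
func fill(maxBids uint32, strict bool) *order {
	o := &order{}
	for o.createBid(maxBids, strict) == nil {
	}
	return o
}

// acceptedBids is how many bids get in before the check rejects one.
func acceptedBids(maxBids uint32, strict bool) uint32 { return fill(maxBids, strict).count() }

// slotFreedByClose closes one bid on a full order (maxBids >= 1) and tries again.
func slotFreedByClose(maxBids uint32) bool {
	o := fill(maxBids, true)
	o.closed[0] = true
	return o.createBid(maxBids, true) == nil
}

func main() {
	for _, m := range []uint32{1, 20} {
		fmt.Printf("OrderMaxBids=%d: '>' admits %d, '>=' admits %d, slot freed by close: %v\n", m, acceptedBids(m, false), acceptedBids(m, true), slotFreedByClose(m))
	}
}
```

A regression test for the fix should assert on the exact boundary (the bid submitted when the count equals the limit), including a limit of 0, where the `>` comparison still admits one bid.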