First Flight #13: Baba Marta
First Flight #13
Beginner FriendlyFoundryGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Missing Functionality: cancelListing

0xE79e

Summary

The contract MartenitsaMarketplace.sol is missing the cancelListing functionality.

Vulnerability Details

The contract doesn't include a function for sellers to cancel the sale listing of a martenitsaToken, as mentioned in the docs. This absence could inconvenience sellers aiming to remove their listed tokens from the marketplace.

Impact

The absence of a cancelListing function means that sellers are unable to withdraw their tokens from the marketplace once listed. This could lead to frustration for users who mistakenly list their tokens or change their minds about selling them, so the token should be bought by a user or by the producer himself, otherwise it will be stuck in the contract.

Tools Used

Manual Review, docs

Recommendations

  • Implement cancelListing Function

  • Test the contract under various scenarios to ensure its functionality.

+ function cancelListing(uint256 tokenId) external {
+ Listing storage listing = tokenIdToListing[tokenId];
+ require(
+ msg.sender == listing.seller,
+ "You are not the seller of this token"
+ );
// Check if the token is listed for sale
+ require(listing.forSale, "Token is not listed for sale");
// Clear the listing
+ delete tokenIdToListing[tokenId];
// Transfer the token back to the seller
+ martenitsaToken.safeTransferFrom(address(this), msg.sender, tokenId);
+ }
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.