Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Wrong Handling of Zero `tge` in `getMarketPlaceStatus` Function

Github

  • https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/libraries/MarketPlaceLibraries.sol#L20

Summary

The getMarketPlaceStatus function is used to determine the current status of a marketplace based on the Token Generation Event (TGE) timestamp and the current block timestamp. However, the function's handling of a zero tge timestamp could lead to unexpected behavior or incorrect status reporting.

Vulnerability Details

If the tge value is zero, the function immediately returns the current marketplace status without further checks. This approach assumes that a zero tge implies that the marketplace is in a non-settled or initial state. By returning the marketplace's status as-is when tge is zero, the function might incorrectly represent the marketplace's state, especially if a zero tge is intended to denote a specific inactive state.

Different functions of PreMarkets depend on checkMarketPlaceStatus, which in turn depends on the getMarketPlaceStatus function and expects it to correctly return the status of the market, and works if it is online. Let's say the status of the market is online but it has 0 tge: then getMarketPlaceStatus will return the current status of the market, and it will be wrongly assumed to be online.

When tge is zero, the function does not check other conditions or statuses and directly returns the current status. This might not align with intended behavior if zero tge signifies a special or inactive state.

Impact

Marketplace status might be inaccurately reported if tge is zero. For instance, the marketplace could be incorrectly considered Online, or in an unintended state, affecting user interactions and transactions.

Tools Used

Manual Review

Recommendations

Update the function to handle cases where tge is zero more explicitly. Define a clear behavior or status for a zero tge, such as setting it to Offline or another appropriate status.

Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-Admin-Errors-Malicious

The following issues and their duplicates are invalid as admin errors/input validation/malicious intents are generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally, admins are trusted as noted in READ.ME; they can break certain assumptions of the code based on their actions, and
