The createOffer function fails to verify if the tokenAddress provided by the user is whitelisted. This could lead to unauthorized tokens being used in offers.
In PreMarkets.sol, the createOffer function has no check to confirm whether the tokenAddress provided by the user is on the platform's whitelist. This omission allows users to create offers using any token address, including those that may not be approved or that could be malicious.
Without a whitelist check, the contract cannot enforce that only approved tokens are used in the marketplace, potentially compromising the integrity of the platform and the safety of its users.
In other words, a user can specify any tokenAddress when creating an offer, even if that token is not approved by the platform. This could lead to offers being made with tokens that have not undergone security checks or that could be harmful to the platform.
The contract should validate that the tokenAddress is on a predefined whitelist before allowing the creation of an offer.
Allowing unauthorized tokens could expose the marketplace to security risks and financial losses.
Imagination
Please implement a whitelist check for the tokenAddress in the createOffer function inside PreMarkets.sol.
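One way the recommended check could look, as an added example that is not code from PreMarkets.sol or from the project. The contract name, the owner-managed tokenWhitelisted mapping, the simplified createOffer signature, and the errors and events are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; contract, function and variable names are hypothetical,
// not taken from PreMarkets.sol.
contract OfferWhitelistExample {
    address public immutable owner;
    mapping(address => bool) public tokenWhitelisted;
    uint256 public offerCount;

    struct Offer {
        address maker;
        address tokenAddress;
        uint256 amount;
    }
    mapping(uint256 => Offer) public offers;

    error NotOwner();
    error ZeroAddress();
    error TokenNotWhitelisted(address token);

    event TokenWhitelistUpdated(address indexed token, bool allowed);
    event OfferCreated(uint256 indexed id, address indexed maker, address indexed token, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    // Only the platform owner decides which tokens may back offers.
    function setTokenWhitelisted(address token, bool allowed) external {
        if (msg.sender != owner) revert NotOwner();
        if (token == address(0)) revert ZeroAddress();
        tokenWhitelisted[token] = allowed;
        emit TokenWhitelistUpdated(token, allowed);
    }

    // Simplified stand-in for createOffer: the whitelist check runs first,
    // before any state is written or any transfer would be attempted.
    function createOffer(address tokenAddress, uint256 amount) external returns (uint256 id) {
        if (!tokenWhitelisted[tokenAddress]) revert TokenNotWhitelisted(tokenAddress);
        id = offerCount++;
        offers[id] = Offer({maker: msg.sender, tokenAddress: tokenAddress, amount: amount});
        emit OfferCreated(id, msg.sender, tokenAddress, amount);
    }
}
```

Because the mapping defaults to false, any token the owner has not explicitly approved is rejected, and removing a token from the whitelist blocks new offers without touching existing ones.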