Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Possibility of collateral mismatch due to missing `msg.value` verification

0xmilenov

Summary

createOffer and listOffer functions allow a mismatch between the required collateral (transferAmount) and the actual msg.value sent by the user, potentially leading to insufficient or excessive collateral being posted.

Vulnerability Details

The createOffer function and the listOffer function, inside PreMarkets.sol calculates the transferAmount but doesn't check if it matches the msg.value sent by the user. This oversight could result in incorrect collateral being transferred, which may destabilize the offer.

Additionally, there's no check for a maximum collateralRate, potentially allowing excessively high collateral requirements.

uint256 transferAmount = OfferLibraries.getDepositAmount(
params.offerType,
params.collateralRate,
params.amount,
true,
Math.Rounding.Ceil
);
// Missing: Check that transferAmount equals msg.value
ITokenManager tokenManager = tadleFactory.getTokenManager();
tokenManager.tillIn{value: msg.value}(
_msgSender(),
params.tokenAddress,
transferAmount,
false
);

Impact

This can lead to collateral mismatches, resulting in insufficient or excessive collateral being posted, and unexpected behavior due to the lack of a maximum collateralRate check.

Tools Used

Imagination

Recommendations

The contract should include a check in both functions to ensure msg.value matches transferAmount and enforce a reasonable limit on collateralRate to prevent these issues.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!