`PreMarket::listOffer` writes `abortOfferStatus` to memory, but should to storage
Summary
In PreMarket::listOffer function, `abortOfferStatus` should be changed inside OfferInfo struct. It is done in memory of the function, but should be done inside the storage
Vulnerability Details
Inside PreMarket::listOffer function, if offer settle type is Turbo, we should fetch current offer info to change it. Offer info lives in the storage mapping - offerInfoMap. After the fetch, the offer info's abortOfferStatus is changes to SubOfferListed. The problem is that offer info struct was fetched and saved to memory, not storage:
So this status change will not be written to the storage
Impact
Wrong storage state after listOffer function
Tools Used
Manual review
Recommendations
Lead Judging Commences
finding-PreMarkets-listOffer-originIOfferInfo-storage-memory
Valid high severity, because the `abortOfferStatus` of the offer is not updated and persist through `storage` when listing an offer for turbo mode within the `offerInfoMap` mapping, it allows premature abortion given the `abortOfferStatus` defaults to `Initialized`, allowing the bypass of this [check](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L552-L557) here and allow complete refund of initial collateral + stealing of trade tax which can potentially be gamed for profits using multiple addresses
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.