Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Valid

The user can close a bid offer even when the marketplace is not in BidSettling

Summary

The owner of a bid offer will call closeBidOffer to close the bid. The bid offer should only be closed when the market is in the BidSettling state. However, the current code allows the owner to close the bid even when the market is in the AskSettling state.

Vulnerability Details

The Tadle market maintains different statuses for various purposes. While the market is in the Online state, takers and makers can place their bid and ask offers. After the TGE phase, the market transitions to the AskSettling state. Following the TGE and the settlement period, the market moves to the BidSettling state.

The issue here is that the owner should only be allowed to close a bid offer when the market is in the BidSettling state. However, the code currently checks for both BidSettling and AskSettling states, which means that a bid offer can be closed even when the market is in the AskSettling state.

```solidity
function closeBidOffer(address _offer) external {
    (
        OfferInfo memory offerInfo,
        MakerInfo memory makerInfo,
        ,
        MarketPlaceStatus status
    ) = getOfferInfo(_offer);
    // Only the offer's authority may close it
    if (_msgSender() != offerInfo.authority) {
        revert Errors.Unauthorized();
    }
    // Ask offers are rejected; this path handles bid offers only
    if (offerInfo.offerType == OfferType.Ask) {
        revert InvalidOfferType(OfferType.Bid, OfferType.Ask);
    }
    if (
        // @1> AskSettling is accepted here in addition to BidSettling
        status != MarketPlaceStatus.AskSettling &&
        status != MarketPlaceStatus.BidSettling
    ) {
        revert InvaildMarketPlaceStatus();
    }
    // ... (the report's excerpt ends here)
}
```

PoC:

Add the following test case to PreMarket.t.sol:

```solidity
function test_Close_Bid_Offer_In_AskSettling() public {
    vm.startPrank(user);
    preMarktes.createOffer(
        CreateOfferParams(
            marketPlace,
            address(mockUSDCToken),
            1000,
            0.01 * 1e18,
            12000,
            300,
            OfferType.Bid,
            OfferSettleType.Turbo
        )
    );
    address offerAddr = GenerateAddress.generateOfferAddress(0);
    preMarktes.createTaker(offerAddr, 1000);
    vm.stopPrank();
    vm.startPrank(user1);
    systemConfig.updateMarket(
        "Backpack",
        address(mockPointToken),
        0.01 * 1e18,
        block.timestamp - 1,
        3600
    );
    // update the market status only for assertion purposes
    systemConfig.updateMarketPlaceStatus(
        "Backpack",
        MarketPlaceStatus.AskSettling
    );
    vm.stopPrank();
    address _marketPlace = GenerateAddress.generateMarketPlaceAddress(
        "Backpack"
    );
    MarketPlaceInfo memory info = systemConfig.getMarketPlaceInfo(
        _marketPlace
    );
    assertEq(uint(info.status), uint(MarketPlaceStatus.AskSettling));
    vm.startPrank(user);
    // Succeeds although the market is in AskSettling
    deliveryPlace.closeBidOffer(offerAddr);
    vm.stopPrank();
}
```

Run with: `forge test --mt test_Close_Bid_Offer_In_AskSettling`

Impact

The offer owner is currently allowed to close a bid offer even when the market is in the AskSettling status. However, AskSettling is intended for settling Ask Offers, not Bid Offers. Tadle also maintains specific time frames for each market state.
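The time frames behind this impact, as an added Solidity model that is not Tadle's code: it derives the status from TGE and settlement period the way the report describes, then compares the quoted status check with the recommended one. The contract name, function names and the exact boundary comparisons are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration, not Tadle code: a simplified model of the status gate.
contract BidCloseGateModel {
    // Only the statuses named in the report; the real enum may hold more.
    enum MarketPlaceStatus { Online, AskSettling, BidSettling }

    /// Status by time as the report describes it: Online until TGE, AskSettling
    /// during the settlement period, BidSettling afterwards.
    /// Assumption: the exact boundary comparisons may differ in the project.
    function statusAt(uint256 nowTs, uint256 tge, uint256 settlementPeriod)
        public pure returns (MarketPlaceStatus)
    {
        if (nowTs <= tge) return MarketPlaceStatus.Online;
        if (nowTs <= tge + settlementPeriod) return MarketPlaceStatus.AskSettling;
        return MarketPlaceStatus.BidSettling;
    }

    /// Gate as quoted in the report: AskSettling passes as well.
    function passesReportedGate(MarketPlaceStatus s) public pure returns (bool) {
        return !(s != MarketPlaceStatus.AskSettling && s != MarketPlaceStatus.BidSettling);
    }

    /// Gate after the recommended change: only BidSettling passes.
    function passesRecommendedGate(MarketPlaceStatus s) public pure returns (bool) {
        return !(s != MarketPlaceStatus.BidSettling);
    }

    /// True when a close at nowTs is accepted by the reported gate but
    /// rejected by the recommended one, i.e. the bid is closed too early.
    function closesEarly(uint256 nowTs, uint256 tge, uint256 settlementPeriod)
        external pure returns (bool)
    {
        MarketPlaceStatus s = statusAt(nowTs, tge, settlementPeriod);
        return passesReportedGate(s) && !passesRecommendedGate(s);
    }
}
```

With the PoC's market settings (TGE one second in the past, settlement period 3600), `closesEarly` returns true for the whole settlement period under this model.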

Tools Used

Manual Review

Recommendations

Remove the AskSettling check from the if condition:

@@ -49,7 +49,6 @@ contract DeliveryPlace is DeliveryPlaceStorage, Rescuable, IDeliveryPlace {
}
if (
- status != MarketPlaceStatus.AskSettling &&
status != MarketPlaceStatus.BidSettling
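Review bot: the remaining condition, status != MarketPlaceStatus.BidSettling, now rejects every status other than BidSettling, but the patch carries no test that pins this behaviour down. The PoC test_Close_Bid_Offer_In_AskSettling could become a regression test by expecting the InvaildMarketPlaceStatus revert on the closeBidOffer call while the market is in AskSettling, paired with a case showing that the close still succeeds in BidSettling.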
Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-closeBidOffer-AskSettling

Leaving medium severity for now, this is true, given in `getMarketPlaceStatus`, `BidSettling` phase only occurs after settlement period has passed as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/libraries/MarketPlaceLibraries.sol#L34-L38). Although I am unsure if there are any significant fund loss impact, given the funds are still correctly transacted. Will reconsider severity during appeals period.

Appeal created

