MarketPlace name uniqueness is not checked in `createMarketPlace`
Summary
The createMarketPlace function in the SystemConfig contract does not enforce uniqueness for marketplace names. This lack of uniqueness checks can lead to duplicate marketplace entries, causing inconsistencies and potentially overwriting existing data. Furthermore it's impractical for the owner to manually check all of the marketplace names everytime he creates a new marketplace.
Vulnerability Details
The function generates a marketplace address using the _marketPlaceName without verifying if the name has already been used for another marketplace.
This can lead to the creation of multiple marketplaces with the same name, possibly resulting in overwriting the existing marketplace data.
The absence of a mechanism to check the uniqueness of the _marketPlaceName allows duplicate marketplace entries.
Impact
If a marketplace with the same name already exists, creating another marketplace with the same name can overwrite the existing data, resulting in loss or corruption of marketplace information. The presence of marketplaces with identical names can cause inconsistencies in querying and managing marketplace data, making it challenging to maintain a reliable and coherent system state.
Tools Used
Manual review
Recommendations
Implement a mapping to track existing marketplace names, ensuring that new entries are unique.
Before creating a marketplace, check the marketplace name against the existingMarketPlaceNames mapping to confirm it hasn't been used previously.
Lead Judging Commences
[invalid] finding-SystemConfigcreateMarketPlace-unique
Invalid, admins trusted to create marketplaces accordingly with appropriate inputs, as stated in READ.ME. If they do, there will be no issues.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.