Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

No check if market is up in abortBidTaker but presnt in abortAskOffer

yotov721

Summary

Orders can only be created or abandoned/closed when the market is up. This check is however missing when aborting bid taker offers.

Vulnerability Details

The protocol has the functionality that users can participate in a bid-ask offers. They can create offers as market makers on different markets or act as market takers that fill offers.

On every acction there is a check that verifies the market status is Online.

/// @dev market place must be online

ISystemConfig systemConfig = tadleFactory.getSystemConfig();

MarketPlaceInfo memory marketPlaceInfo = systemConfig

.getMarketPlaceInfo(params.marketPlace);

=> marketPlaceInfo.checkMarketPlaceStatus(

block.timestamp,

MarketPlaceStatus.Online

);

Only the PreMarkets::abortBidTaker function is missing the check if the market is open.
However it should be that a user should be able to abort his offer even if the market is paused - then there should NOT be a check in abortAskOffer

Impact

Bypassing major protocol policies could lead to lost funds

Tools Used

Manual Review

Recommendations

Check if the market is up on `abortAskOffer`

function abortAskOffer(address _stock, address _offer) external {

StockInfo storage stockInfo = stockInfoMap[_stock];

OfferInfo storage offerInfo = offerInfoMap[_offer];

if (offerInfo.authority != _msgSender()) {

revert Errors.Unauthorized();

}

if (stockInfo.offer != _offer) {

revert InvalidOfferAccount(stockInfo.offer, _offer);

}

if (offerInfo.offerType != OfferType.Ask) {

revert InvalidOfferType(OfferType.Ask, offerInfo.offerType);

}

if (offerInfo.abortOfferStatus != AbortOfferStatus.Initialized) {

revert InvalidAbortOfferStatus(

AbortOfferStatus.Initialized,

offerInfo.abortOfferStatus

);

}

if (offerInfo.offerStatus != OfferStatus.Virgin &&

offerInfo.offerStatus != OfferStatus.Canceled) {

revert InvalidOfferStatus();

}

MakerInfo storage makerInfo = makerInfoMap[offerInfo.maker];

if (makerInfo.offerSettleType == OfferSettleType.Turbo &&

stockInfo.preOffer != address(0x0)

) {

revert InvalidOffer();

}

/// @dev market place must be online

+ MakerInfo storage makerInfo = makerInfoMap[offerInfo.maker];

+ ISystemConfig systemConfig = tadleFactory.getSystemConfig();

+ MarketPlaceInfo memory marketPlaceInfo = systemConfig.getMarketPlaceInfo(makerInfo.marketPlace);

+ marketPlaceInfo.checkMarketPlaceStatus(

+ block.timestamp,

+ MarketPlaceStatus.Online

+ );

...

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

[invalid] finding-PreMarkets-abortBidTaker-lack-check-abort

Informational, during emergencies, even if abortions are allowed, withdrawal can be paused and collateral cannot be pulled anyways (`whenNotPaused` modifier within `withdraw()`), so there is no impact here, given funds outflow can be paused.

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.