Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Asymmetric Settlement Mechanisms Enabling Market Manipulation

dimi6oni

Summary

The Tadle protocol implements asymmetric settlement mechanisms for ask and bid offers in its pre-market infrastructure. This asymmetry allows for partial settlements of ask offers but requires full settlements of bid offers, creating opportunities for sophisticated attackers to artificially influence market prices and liquidity.

Vulnerability Detail

The asymmetry in settlement mechanisms is primarily observed in two functions within the DeliveryPlace contract:

settleAskMaker function allows partial settlements:

function settleAskMaker(address _offer, uint256 _settledPoints) external {

// ... (input validation)

if (_settledPoints > offerInfo.usedPoints) {

revert InvalidPoints();

}

// ... (other checks)

uint256 settledPointTokenAmount = marketPlaceInfo.tokenPerPoint * _settledPoints;

// ... (token transfers)

IPerMarkets perMarkets = tadleFactory.getPerMarkets();

perMarkets.settledAskOffer(

_offer,

_settledPoints,

settledPointTokenAmount

);

// ... (event emission)

}

closeBidOffer function requires full settlement:

function closeBidOffer(address _offer) external {

// ... (various checks)

uint256 refundAmount = OfferLibraries.getRefundAmount(

offerInfo.offerType,

offerInfo.amount,

offerInfo.points,

offerInfo.usedPoints,

offerInfo.collateralRate

);

// ... (refund and status update)

}

This asymmetry is further compounded by the createTaker function in the PreMarkets contract, which handles both ask and bid offers:

function createTaker(address _offer, uint256 _points) external payable {

// ... (checks and balances)

OfferInfo storage offerInfo = offerInfoMap[_offer];

// ... (update offer info)

stockInfoMap[stockAddr] = StockInfo({

// ... (stock info initialization)

});

// ... (update balances and emit events)

}

Impact

The impact of this design choice includes:

Liquidity Imbalances: The ability to partially settle ask offers but not bid offers could lead to skewed market liquidity.
Price Volatility: Rapid creation and partial settlement of ask offers combined with full closures of bid offers could induce artificial price swings.
User Losses: Smaller traders or less sophisticated users might find themselves trapped in unfavorable positions due to rapid market movements.

Tool used

Manual Review

Recommendation

Implement Symmetric Settlement: Allow partial settlements for both ask and bid offers, or require full settlements for both. This would eliminate the asymmetry that could be exploited.
Gradual Settlement: For large offers, implement a mechanism for gradual settlement over time, rather than allowing instant large-scale settlements.

Updates

Lead Judging Commences

0xnevi Lead Judge

about 1 year ago

0xnevi Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Too generic

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.