In `PreMarkert::listOffer` when `offerSettleType` is in `Turbo`, Traders can list offers with original/pre offer that have already been aborted/cancelled.
Summary
In PreMarkert::listOffer when listing an offer for a taker stock, when an offer is in turbo mode there are no checks to see if the stock's origin/pre offer hasn't been aborted to ensure that it still has collateral hence listing offers that have no collateral reducing the contract's security.
Vulnerabilty Details
Traders can list offer in Turbo mode when a stock's original offer has already been aborted or cancelled, this occurs because the function PreMarkert::listOffer doesn't check to see if an offer hasn't been cancelled/aborted.
The check for turbo mode only assigns the AbortOfferStatus and checks if the collateral fee is the same as that of the origin offer.
Impact
The contract's security is reduced as offers without collateral trade points without value and are less secure. Every offer on the markertPlace should have collateral to back it and this is violated.
Tools Used
Manual Review
Recommened Mitigation
Consider adding checks in PreMarkert::listOffer to see if the original/pre offer in turbo mode hasn't been aborted/cancelled.
Lead Judging Commences
finding-Premarkets-listOffer-lack-check-abort-relist
Leaving high severity for now but will leave open for appeals. Technically, users can choose not to transact this type offers if they are aware of such undercollaterized relisted offers, in which case it will have no impact. However, if subsequent takers transact this relisted offers, this can allow profits without having to settle any points.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.