Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

`closeBidOffer()` is callable during `AskSettling` Phase

Summary

The `closeBidOffer()` function in the `DeliveryPlace` contract is callable when the market status is either `MarketPlaceStatus.AskSettling` or `MarketPlaceStatus.BidSettling`. This is problematic because the function is intended to close bid offers, and it should logically only be callable during the `BidSettling` phase.

Allowing it to be called during the `AskSettling` phase can lead to unauthorized and unintended operations.

Vulnerability Details

Current Market Status Check:

```solidity
if (
    status != MarketPlaceStatus.AskSettling &&
    status != MarketPlaceStatus.BidSettling
) {
    revert InvaildMarketPlaceStatus();
}
```

The function allows execution during both `AskSettling` and `BidSettling` phases.

Impact

This can lead to unauthorized closing of bid offers during the `AskSettling` phase, which is not the intended behavior.

Tools Used

Manual Review

Recommendations

The function should only allow execution during the `BidSettling` phase.

if (
- status != MarketPlaceStatus.AskSettling &&
status != MarketPlaceStatus.BidSettling
) {
revert InvaildMarketPlaceStatus();
}
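
Review bot: with the `AskSettling` comparison removed, the multi-line `if ( ... )` holds a single condition, `status != MarketPlaceStatus.BidSettling`, so it can collapse to one line. The change should also come with a test asserting that `closeBidOffer()` reverts with `InvaildMarketPlaceStatus` while the market is in `AskSettling`, because the visible lines give no evidence that callers never reach this function in the ask phase.
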
Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-closeBidOffer-AskSettling

Leaving this at medium severity for now. This is true, given that in `getMarketPlaceStatus` the `BidSettling` phase only occurs after the settlement period has passed, as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/libraries/MarketPlaceLibraries.sol#L34-L38), although I am unsure whether there is any significant fund-loss impact, given the funds are still correctly transacted. Will reconsider severity during the appeals period.
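
A regression test for the status guard in this finding, as an added example that is not part of the submission or the Tadle code base. It assumes Foundry with forge-std; `GuardHarness`, its two functions and the `Online` enum member are hypothetical names that isolate the check from the rest of `closeBidOffer()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {Test} from "forge-std/Test.sol";

// Only AskSettling and BidSettling appear in the finding; Online is an
// assumed stand-in for "any phase that is not a settling phase".
enum MarketPlaceStatus { Online, AskSettling, BidSettling }

error InvaildMarketPlaceStatus(); // spelling kept as in the reported code

// Hypothetical harness holding the guard before and after the recommendation.
contract GuardHarness {
    // Guard as reported: passes in both settling phases.
    function reported(MarketPlaceStatus status) external pure {
        if (
            status != MarketPlaceStatus.AskSettling &&
            status != MarketPlaceStatus.BidSettling
        ) {
            revert InvaildMarketPlaceStatus();
        }
    }

    // Guard as recommended: passes only in BidSettling.
    function recommended(MarketPlaceStatus status) external pure {
        if (status != MarketPlaceStatus.BidSettling) {
            revert InvaildMarketPlaceStatus();
        }
    }
}

contract CloseBidOfferGuardTest is Test {
    GuardHarness internal guard = new GuardHarness();

    function test_ReportedGuardAcceptsAskSettling() public {
        guard.reported(MarketPlaceStatus.AskSettling); // no revert: the finding
    }

    function test_RecommendedGuardRejectsAskSettling() public {
        vm.expectRevert(InvaildMarketPlaceStatus.selector);
        guard.recommended(MarketPlaceStatus.AskSettling);
    }

    function test_BothGuardsAcceptBidSettlingAndRejectOtherPhases() public {
        guard.reported(MarketPlaceStatus.BidSettling);
        guard.recommended(MarketPlaceStatus.BidSettling);
        vm.expectRevert(InvaildMarketPlaceStatus.selector);
        guard.recommended(MarketPlaceStatus.Online);
    }
}
```

In a real code base the same three assertions would be written against `closeBidOffer()` itself, with the market moved into each phase through the project's own setup.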
