Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Ask maker will unfairly lose his complete collateral

anonymousjoe

Summary

If an ask maker fails to deliver the **complete **used_points, his complete collateral will be unfairly lost.

Vulnerability Details

Assumption: The seller (ask maker) should only lose the collateral corresponding to the unused_points.

Even if a seller is able to pay only part of the used_points, the seller will lose his complete collateral.(The buyer gets the corresponding points and the collateral both)

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L276-L307

if (_settledPoints == offerInfo.usedPoints) {

Since this check wouldnt pass, the seller's balance wont be updated with any amount and thus loses his entire collateral.

This would encourage sellers to always close their offers (before the settlement period starts), so as to get their collateral corresponding to the unused_points back. Also no seller will ever partially settle the points since they get no benefit from doing so, they lose the points and the collateral too.

Note: collateral corresponding to unused_points = offerInfo.amount x collateral x (1 - offerInfo.used_points/offerInfo.points)

Impact

Loss of funds for sellers incase of failure in complete payment.

Tools Used

Manual Review

Recommendations

Refund the sellers balance with the amount corresponding to the unused_points.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-DeliveryPlace-settleAskTaker-settleAskMaker-partial-settlements

Valid high, in settleAskTaker/settleAskMaker, if the original offer maker performs a partial final settlement, the existing checks [here](https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/DeliveryPlace.sol#L356-L358) and [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L230-L232) will cause an revert when attempting to complete a full settlement, resulting in their collateral being locked and requiring a rescue from the admin. To note, although examples in the documentation implies settlement in a single click, it is not stated that partial settlements are not allowed, so I believe it is a valid user flow.

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.