Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Inconsistent Token Whitelist Checks in `tillIn` Calls from `PreMarkets` Contract

n3smaro

Summary

Functions in the PreMarkets contract call the TokenManager::tillIn function with _isPointToken set to false, which bypasses the whitelist checks for tokens. This inconsistency may allow unauthorized or unapproved tokens to be processed.

Vulnerability Details

The createOffer, listOffer, relistOffer and _depositTokenWhenCreateTaker functions in the PreMarkets contract call TokenManager::tillIn with _isPointToken =false:

tokenManager.tillIn{value: msg.value}(

_msgSender(),

makerInfo.tokenAddress,

transferAmount,

false

);

As a result, the onlyInTokenWhiteList modifier in TokenManager::tillIn is not applied. This modifier is responsible for ensuring that only tokens which are part of an approved whitelist are processed. By setting _isPointToken to false, the whitelist check is bypassed, allowing tokens that are not whitelisted to be used. This inconsistency could lead to the processing of unauthorized tokens, potentially compromising the integrity of the token management system.

modifier onlyInTokenWhiteList(bool _isPointToken, address _tokenAddress) {

if (!_isPointToken && !tokenWhiteListed[_tokenAddress]) {

revert TokenIsNotWhiteListed(_tokenAddress);

}

Impact

The bypassing of whitelist checks allows tokens that are not approved to be used, which can lead to unauthorized or malicious tokens being processed. This may result in financial loss or system exploitation.
Allowing unapproved tokens in critical operations increases the risk of exploitation by malicious actors, who could manipulate or disrupt the system by using these tokens.

Tools Used

Manual Code Review

Recommendations

Ensure that the tillIn function enforces whitelist checks consistently. This involves setting _isPointToken to true where appropriate to validate token approval, particularly in cases where the token's approval status needs to be checked.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

[invalid] finding-TokenManager-onlyInTokenWhiteList-bypass

Invalid, point tokens need not be whitelisted, since they are subjected to the free market to allow free trading within Tadle with the original collateral backing. Since collateral tokens are the subject of focus when valuing points traded, the whitelist is only applicable to them.

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.