Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

Missing Check for Bid Type in `PreMarkets::abortBidTaker` Function

Summary

The `abortBidTaker` function in the `PreMarkets` contract does not verify that the stock type is "Bid" before allowing the abort to proceed. This gap could lead to unintended operations on non-bid stocks, causing potential issues in the handling of stocks and refunds.

Vulnerability Details

The `abortBidTaker` function handles aborting a bid taker and refunding the associated deposit, but it lacks a check that the stock is of type "Bid":

```solidity
function abortBidTaker(address _stock, address _offer) external {
    StockInfo storage stockInfo = stockInfoMap[_stock];
    OfferInfo storage preOfferInfo = offerInfoMap[_offer];

    if (stockInfo.authority != _msgSender()) {
        revert Errors.Unauthorized();
    }

    if (stockInfo.preOffer != _offer) {
        revert InvalidOfferAccount(stockInfo.preOffer, _offer);
    }

    if (stockInfo.stockStatus != StockStatus.Initialized) {
        revert InvalidStockStatus(
            StockStatus.Initialized,
            stockInfo.stockStatus
        );
    }

    if (preOfferInfo.abortOfferStatus != AbortOfferStatus.Aborted) {
        revert InvalidAbortOfferStatus(
            AbortOfferStatus.Aborted,
            preOfferInfo.abortOfferStatus
        );
    }

    uint256 depositAmount = stockInfo.points.mulDiv(
        preOfferInfo.points,
        preOfferInfo.amount,
        Math.Rounding.Floor
    );

    uint256 transferAmount = OfferLibraries.getDepositAmount(
        preOfferInfo.offerType,
        preOfferInfo.collateralRate,
        depositAmount,
        false,
        Math.Rounding.Floor
    );

    MakerInfo storage makerInfo = makerInfoMap[preOfferInfo.maker];
    ITokenManager tokenManager = tadleFactory.getTokenManager();
    tokenManager.addTokenBalance(
        TokenBalanceType.MakerRefund,
        _msgSender(),
        makerInfo.tokenAddress,
        transferAmount
    );

    stockInfo.stockStatus = StockStatus.Finished;
    emit AbortBidTaker(_offer, _msgSender());
}
```

Impact

Without a check that the stock is of type "Bid", the function can be invoked for stocks that are not bids. This can lead to incorrect handling of stock statuses and refunds, potentially impacting the integrity of the stock and offer management system.

Tools Used

Manual Code Review

Recommendations

Add a check that the stock type is "Bid" before proceeding with the abort.

```solidity
// Add check for stock type
if (stockInfo.stockType != StockType.Bid) {
    revert InvalidStockType(StockType.Bid, stockInfo.stockType);
}
```
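A regression check for this finding, added here as an example (it is not part of the submission or of the Tadle code base): a text-level lint that fails unless the recommended `stockType` guard appears in `abortBidTaker` before the refund is credited or the stock status is written. The Solidity samples are constructed and abbreviated from the code above, the helper names are hypothetical, and the brace matching ignores comments and string literals.

```python
import re

# Constructed, abbreviated copy of abortBidTaker (identifiers taken from the report).
VULNERABLE = """
function abortBidTaker(address _stock, address _offer) external {
    StockInfo storage stockInfo = stockInfoMap[_stock];
    if (stockInfo.stockStatus != StockStatus.Initialized) {
        revert InvalidStockStatus(StockStatus.Initialized, stockInfo.stockStatus);
    }
    tokenManager.addTokenBalance(TokenBalanceType.MakerRefund, _msgSender(), token, amount);
    stockInfo.stockStatus = StockStatus.Finished;
}
"""
GUARD_SRC = (
    "    if (stockInfo.stockType != StockType.Bid) {\n"
    "        revert InvalidStockType(StockType.Bid, stockInfo.stockType);\n"
    "    }\n"
)
# PATCHED: guard placed before any effect. LATE: guard placed after the refund credit.
PATCHED = VULNERABLE.replace("    if (stockInfo.stockStatus", GUARD_SRC + "    if (stockInfo.stockStatus", 1)
LATE = VULNERABLE.replace("    stockInfo.stockStatus =", GUARD_SRC + "    stockInfo.stockStatus =", 1)

GUARD = re.compile(r"if\s*\(\s*stockInfo\.stockType\s*!=\s*StockType\.Bid\s*\)\s*\{\s*revert\b")
# Effects: crediting the refund balance, or assigning (not comparing) the stock status.
EFFECT = re.compile(r"\.addTokenBalance\s*\(|stockInfo\.stockStatus\s*=(?!=)")

def function_body(source, name):
    """Return the brace-balanced body of `function <name>(...)`, or None if absent."""
    m = re.search(r"\bfunction\s+" + re.escape(name) + r"\s*\(", source)
    if m is None:
        return None
    start = source.index("{", m.end())
    depth = 0
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start + 1:i]
    return None

def guard_precedes_effects(source, name="abortBidTaker"):
    """True only if the Bid-type guard exists and comes before the first effect."""
    body = function_body(source, name)
    if body is None:
        raise ValueError(f"function {name} not found")
    guard, effect = GUARD.search(body), EFFECT.search(body)
    return guard is not None and (effect is None or guard.start() < effect.start())
```
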
Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-abortBidTaker-lack-check-Bid-Type

Low severity, the check is indeed missing for `abortBidTaker`, however, this would be contingent on user error and the funds are not locked, given admin can rescue them via `Rescuable.sol`

finding-Premarkets-listOffer-lack-check-abort-relist

Leaving high severity for now but will leave open for appeals. Technically, users can choose not to transact this type of offer if they are aware of such undercollateralized relisted offers, in which case it will have no impact. However, if subsequent takers transact these relisted offers, this can allow profits without having to settle any points.

Appeal created

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-abortBidTaker-lack-check-Bid-Type

Low severity, the check is indeed missing for `abortBidTaker`, however, this would be contingent on user error and the funds are not locked, given admin can rescue them via `Rescuable.sol`
