A potential denial of service (DoS) issue exists in the PreMarket::createOffer and PreMarket::createTaker functions, where the generation of a unique stockAddr can result in a permanent revert if an address collision occurs.
In the PreMarket::createOffer and PreMarket::createTaker functions, after a new stockAddr is generated, it is validated for uniqueness. The function checks if that address has already been generated (i.e., is in use) and reverts if true.
The issue arises because these addresses are generated with unique offerIds as their only differentiator. If, by chance, the address uniqueness check fails, these functions will become unusable as every call to them will revert, given that there is no way to skip an offerId.
While the likelihood of this issue occurring is very low, the impact is severe, as it could render the contract functions unusable for a particular offerId, leading to a permanent denial of service for that specific case.
Manual analysis.
Add a function that allows skipping an offerId, which can only be called by the contract owner. This would provide a contingency plan in the unlikely event of an address collision.
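A minimal sketch of that contingency, added here as an illustration and not taken from the Tadle code base. Only offerId and stockAddr come from the finding; the contract name, deriveStockAddr, stockInUse, skipOfferId and the hash-based derivation are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not Tadle's code. Names other than offerId and stockAddr
// are hypothetical, and the address derivation below is an assumption.
contract OfferIdSkipExample {
    address public immutable owner;
    uint256 public offerId;
    mapping(address => bool) public stockInUse;

    error StockAlreadyExists(address stockAddr);
    error NotOwner();
    error NoCollision(uint256 offerId);

    event OfferIdSkipped(uint256 skippedId, address collidingStock);

    constructor() {
        owner = msg.sender;
    }

    // Assumed derivation: the address depends on offerId and nothing else.
    function deriveStockAddr(uint256 id) public pure returns (address) {
        return address(uint160(uint256(keccak256(abi.encode(id, "stock")))));
    }

    // Pattern from the finding: derive, check uniqueness, revert if taken.
    // The revert also undoes any counter change, so the same offerId is
    // retried on every later call and the function stays blocked.
    function createOffer() external returns (address stockAddr) {
        stockAddr = deriveStockAddr(offerId);
        if (stockInUse[stockAddr]) revert StockAlreadyExists(stockAddr);
        stockInUse[stockAddr] = true;
        offerId += 1;
    }

    // Contingency: owner-only, and usable only while the current offerId is
    // actually blocked, so ids cannot be skipped arbitrarily.
    function skipOfferId() external {
        if (msg.sender != owner) revert NotOwner();
        address stockAddr = deriveStockAddr(offerId);
        if (!stockInUse[stockAddr]) revert NoCollision(offerId);
        emit OfferIdSkipped(offerId, stockAddr);
        offerId += 1;
    }
}
```

Requiring a real collision before the skip succeeds keeps the owner privilege narrow, and the event leaves an on-chain record of each skipped id.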
Severity: Low
In Turbo Mode, ask takers are incorrectly required to deposit collateral, contrary to the intended design of the mode.
In Tadle, there are two trading modes for points: Protected and Turbo.
Protected Mode: All sellers, whether original or subsequent, must provide collateral. "In Protected Mode, all sellers, whether they are the original or subsequent ones, are required to deposit cryptocurrency as collateral."
Turbo Mode: Only original sellers are required to deposit collateral, while subsequent traders do not need to provide additional collateral. "In Turbo Mode, the original seller deposits crypto as collateral, enabling subsequent traders to buy and sell points without additional collateral."
Despite this design, points sellers who call PreMarket::createTaker and target a Turbo Bidder are still incorrectly required to deposit collateral for their order. The relevant code is as follows:
In this code, depositAmount, platformFee, and tradeTax are computed and used in _depositTokenWhenCreateTaker, which forces collateral to be deposited even in Turbo Mode.
The incorrect requirement for collateral in Turbo Mode may result in unintended issues and operational inefficiencies.
Manual analysis
Update the implementation of PreMarket::createTaker to properly handle Turbo Mode by ensuring that collateral is not required from ask takers in this mode. Verify and adjust the collateral deposit logic based on the trading mode.