Summary

The Tadle protocol's PreMarkets contract contains a vulnerability in its relistOffer function that leads to inefficient collateral management in Protected mode. When users relist a previously closed offer, they are required to provide full collateral again, even if they had just released collateral from the same offer moments ago. This can result in unnecessary locking of user funds, reduced capital efficiency, and potential exploitation of the protocol's collateral system.

Vulnerability Detail

The vulnerability is located in the relistOffer function of the PreMarkets contract. Specifically, the issue arises in the collateral management logic for Protected mode offers.

The vulnerability can be exploited as follows:

1. A user creates an offer in Protected mode, depositing collateral.

2. The user closes the offer using closeOffer(), which returns their collateral.

3. Immediately after, the user relists the same offer using relistOffer().

4. The function requires the user to deposit full collateral again, despite having just released collateral for the same offer.

This process can be repeated rapidly, potentially leading to a situation where a user's total locked collateral far exceeds their actual assets, as the protocol isn't efficiently tracking and reusing already-deposited collateral.

Impact

• Capital Inefficiency: Users are forced to over-collateralize their positions, locking up more funds than necessary in the protocol. This reduces the overall capital efficiency of the Tadle ecosystem.

• Liquidity Reduction: The excessive locking of funds can lead to reduced liquidity in the market, as users have less capital available for active trading.

• Increased User Costs: Users incur unnecessary gas fees for repeated collateral deposits and withdrawals, reducing their overall profitability.

• Vulnerability to Market Manipulation: In volatile market conditions, malicious actors could exploit this inefficiency to create artificial liquidity crunches by rapidly creating and relisting offers, locking up large amounts of collateral.

Tool used

Manual Review

Recommendation

To address this vulnerability, we recommend implementing a more efficient collateral management system. Here are two potential approaches:

• Collateral Tracking and Reuse: Implement a system to track "recently unlocked" collateral per user. Allow this collateral to be immediately reused for relisting without requiring a new deposit.

• Time-based Collateral Reuse: Allow collateral reuse without new deposits if relisting occurs within a specific timeframe (e.g., 1 hour) of closing the previous offer.