Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Invalid

Incorrect Points Condition in `settleAskMaker` and `settleAskTaker` Functions Prevents Proper Settlement Even If the Caller is Owner

Summary

The `settleAskMaker` and `settleAskTaker` functions in the smart contract incorrectly prevent settlement when `_settledPoints > 0`, even for the owner. This logic flaw can lead to the inability of the owner to settle points, causing disruptions in the settlement process.

Vulnerability Details

In the `settleAskMaker` and `settleAskTaker` functions, the following code snippet checks the status of the marketplace and authorizes the settlement based on the caller:

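```solidity
if (status == MarketPlaceStatus.AskSettling) {
    // While the marketplace is in AskSettling, only the offer's authority may settle.
    if (_msgSender() != offerInfo.authority) {
        revert Errors.Unauthorized();
    }
} else {
    // In any other status, only the contract owner may settle...
    if (_msgSender() != owner()) {
        revert Errors.Unauthorized();
    }
    // ...and only with zero settled points.
    if (_settledPoints > 0) {
        revert InvalidPoints();
    }
}
```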

The issue lies in the conditional check `if (_settledPoints > 0)`. This condition prevents the settlement process even if the caller is the owner and the points to be settled are greater than zero. This restriction is problematic as it hinders the proper settlement of points by the owner, potentially leading to unresolved settlements.

Impact

Owner cannot settle the offer.

Tools Used

Manual Code Review

Recommendations

Remove the Condition

```solidity
if (status == MarketPlaceStatus.AskSettling) {
    if (_msgSender() != offerInfo.authority) {
        revert Errors.Unauthorized();
    }
} else {
    if (_msgSender() != owner()) {
        revert Errors.Unauthorized();
    }
    // Remove the invalid points check
}
```

This change will ensure that the owner can perform settlements as intended.
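The following Python model is an added example, not code from the Tadle contracts or from this submission. It mirrors the quoted branch and lists every caller/status/points combination whose outcome changes if the points check is removed. `Status.OTHER` (standing for any status other than `AskSettling`), the three caller labels and the sample point values are assumptions made for the model.

```python
from enum import Enum
from itertools import product


class Status(Enum):
    ASK_SETTLING = "AskSettling"  # the status named in the quoted snippet
    OTHER = "Other"               # assumption: any status that is not AskSettling


class Unauthorized(Exception):
    pass


class InvalidPoints(Exception):
    pass


def guard(status, sender, settled_points, keep_points_check=True):
    """Model of the quoted branch; exceptions stand in for Solidity reverts."""
    if status is Status.ASK_SETTLING:
        if sender != "authority":      # offerInfo.authority in the snippet
            raise Unauthorized()
    else:
        if sender != "owner":          # owner() in the snippet
            raise Unauthorized()
        if keep_points_check and settled_points > 0:
            raise InvalidPoints()


def outcome(status, sender, settled_points, keep_points_check=True):
    """Return 'ok' or the name of the revert the guard would raise."""
    try:
        guard(status, sender, settled_points, keep_points_check)
        return "ok"
    except (Unauthorized, InvalidPoints) as err:
        return type(err).__name__


def changed_cases():
    """Combinations that behave differently once the points check is removed."""
    diffs = []
    # Constructed inputs: three caller roles and two sample point values.
    for status, sender, points in product(Status, ("authority", "owner", "stranger"), (0, 5)):
        before = outcome(status, sender, points, keep_points_check=True)
        after = outcome(status, sender, points, keep_points_check=False)
        if before != after:
            diffs.append((status.value, sender, points, before, after))
    return diffs


if __name__ == "__main__":
    for row in changed_cases():
        print(row)
```

In this model the owner can already settle with zero points outside `AskSettling`, so the only behaviour the recommended change adds is owner settlement with non-zero points in that branch.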

Updates

Lead Judging Commences

0xnevi Lead Judge
12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
