Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

Lack of existence checks for the `MarketPlace` before updating its status

Summary

Vulnerability Details

`SystemConfig::updateMarketPlaceStatus` lacks an existence check for the marketplace.

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/SystemConfig.sol#L160-L171

```solidity
function updateMarketPlaceStatus(
    string calldata _marketPlaceName,
    MarketPlaceStatus _status
) external onlyOwner {
    address marketPlace = GenerateAddress.generateMarketPlaceAddress(
        _marketPlaceName
    );
    MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[
        marketPlace
    ];
    marketPlaceInfo.status = _status;
}
```

The function generates a unique address for the marketplace. If the generated marketplace address does not exist in `marketPlaceInfoMap`, the function will create a new entry in the mapping with the provided status.

Impact

This can lead to the unintended creation of marketplace entries with missing or partial data and will create Marketplaces in inconsistent states.

Tools Used

manual

Recommendations

Check the existence of the MarketPlace before updating the state.
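
One way to apply this recommendation, as an added sketch that is not code from the Tadle repository or from the submitter. It assumes that the zero member of `MarketPlaceStatus` marks a marketplace that was never created. The enum members, the second struct field, the error names, `createMarketPlace` and the `marketPlaceAddress` helper are all hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
// Added illustration; names other than updateMarketPlaceStatus,
// marketPlaceInfoMap, MarketPlaceInfo and MarketPlaceStatus are assumptions.
contract MarketPlaceRegistrySketch {
    // Assumption: the zero enum member doubles as the "never created" sentinel.
    enum MarketPlaceStatus { UnInitialized, Online, Offline }

    struct MarketPlaceInfo {
        MarketPlaceStatus status;
        address tokenAddress; // stand-in for the rest of the marketplace data
    }

    address public immutable owner;
    mapping(address => MarketPlaceInfo) public marketPlaceInfoMap;

    error NotOwner();
    error MarketPlaceAlreadyExists(address marketPlace);
    error MarketPlaceNotFound(address marketPlace);
    error InvalidStatus();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    // Stand-in for GenerateAddress.generateMarketPlaceAddress (derivation assumed).
    function marketPlaceAddress(string calldata name) public pure returns (address) {
        return address(uint160(uint256(keccak256(abi.encode(name)))));
    }

    function createMarketPlace(string calldata name, address token) external onlyOwner {
        address mp = marketPlaceAddress(name);
        if (marketPlaceInfoMap[mp].status != MarketPlaceStatus.UnInitialized) revert MarketPlaceAlreadyExists(mp);
        marketPlaceInfoMap[mp] = MarketPlaceInfo(MarketPlaceStatus.Online, token);
    }

    function updateMarketPlaceStatus(string calldata name, MarketPlaceStatus status) external onlyOwner {
        address mp = marketPlaceAddress(name);
        MarketPlaceInfo storage info = marketPlaceInfoMap[mp];
        // A mapping read never fails: an unknown key yields an all-zero struct.
        if (info.status == MarketPlaceStatus.UnInitialized) revert MarketPlaceNotFound(mp);
        // Resetting to the sentinel would make the entry look uncreated again.
        if (status == MarketPlaceStatus.UnInitialized) revert InvalidStatus();
        info.status = status;
    }
}
```

With this guard, a mistyped marketplace name reverts with `MarketPlaceNotFound` instead of silently writing a status into an otherwise empty struct.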

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-Admin-Errors-Malicious

The following issues and their duplicates are invalid, as admin errors/input validation/malicious intents are generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally, admins are trusted as noted in READ.ME; they can break certain assumptions of the code based on their actions, and
