Incorrect Storage Modification in `PreMarket::listOffer` Function Leading to Inconsistent State
Summary
In the PreMarket::listOffer function, the abortOfferStatus field should be updated within the OfferInfo struct in the storage, but currently, it is being modified in memory. This mistake results in the changes not being persisted in storage.
Vulnerability Details
Within the PreMarket::listOffer function, when the offer settle type is Turbo, the current offer info is fetched to update it. This offer info resides in the storage mapping offerInfoMap. However, after fetching, the abortOfferStatus is modified to SubOfferListed. The issue is that the OfferInfo struct is fetched into memory instead of storage:
Impact
This oversight causes the listOffer function to leave the storage in an incorrect state.
Tools Used
Manual review.
Recommendations
Lead Judging Commences
finding-PreMarkets-listOffer-originIOfferInfo-storage-memory
Valid high severity, because the `abortOfferStatus` of the offer is not updated and persist through `storage` when listing an offer for turbo mode within the `offerInfoMap` mapping, it allows premature abortion given the `abortOfferStatus` defaults to `Initialized`, allowing the bypass of this [check](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L552-L557) here and allow complete refund of initial collateral + stealing of trade tax which can potentially be gamed for profits using multiple addresses
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.