Users can abort offer even if the takers relist in Protected mode
Summary
In protected mode the ask offer can be aborted even if the takers of the offer have relisted.
Vulnerability Details
Assumption: As confirmed by the sponsor, if the takers of an offer relist, then the offer shouldnt be able to abort.
But in the abortAskOffer, this check doesnt work as intended.
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L664-L668
This is because when an offer is being relisted, unlike in the turbo mode, the abortOfferStatus is not being changed to SubOfferListed.
This would allow offers to abort and retrieve their full collateral amount.
Impact
This is breaking core protocol functionality.
Tools Used
Manual Review
Recommendations
Update the abortOfferStatus of the preOffer while listing an offer.
(line 346 in Premarkets.sol):
Appeal created
finding-PreMarkets-listOffer-originIOfferInfo-storage-memory
Valid high severity, because the `abortOfferStatus` of the offer is not updated and persist through `storage` when listing an offer for turbo mode within the `offerInfoMap` mapping, it allows premature abortion given the `abortOfferStatus` defaults to `Initialized`, allowing the bypass of this [check](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L552-L557) here and allow complete refund of initial collateral + stealing of trade tax which can potentially be gamed for profits using multiple addresses
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.