Submission Details
Severity:
No check for unique marketplace names in the function
Summary
One can create marketplace with same name which can be misleading.
Vulnerability Details
In CreateMarketPlace function of SystemConfig.sol there is a comment saying '
* @notice _marketPlaceName must be unique
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/SystemConfig.sol#L90
function createMarketPlace(
string calldata _marketPlaceName,
bool _fixedratio
) external onlyOwner {
address marketPlace = GenerateAddress.generateMarketPlaceAddress( @audit-info no check for unique names
_marketPlaceName
);
MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[
marketPlace
];
if (marketPlaceInfo.status != MarketPlaceStatus.UnInitialized) {
revert MarketPlaceAlreadyInitialized();
}
marketPlaceInfo.status = MarketPlaceStatus.Online;
marketPlaceInfo.fixedratio = _fixedratio;
emit CreateMarketPlaceInfo(_marketPlaceName, marketPlace, _fixedratio);
}
Impact
A person can create marketplace with same name
Tools Used
Manual
Recommendations
It should have a check to stop duplication of marketplace names
Updates
Lead Judging Commences
0xnevi about 1 year ago
Submission Judgement Published Reason: Known issue
Assigned finding tags:
[invalid] finding-SystemConfigcreateMarketPlace-unique
Invalid, admins trusted to create marketplaces accordingly with appropriate inputs, as stated in READ.ME. If they do, there will be no issues.
Prize pool breakdown
Total prize
27,750 USDC
nSLOC
1,22923 USDC / LOC
25,000 USDC
2,750 USDC
2,250 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.