Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing uniqueness check for MarketPlace name, may lead to conflicts

0xmilenov

Summary

A vulnerability exists in the createMarketPlace function where the uniqueness of the _marketPlaceName is not verified. This could lead to conflicts and confusion if multiple marketplaces are created with the same name.

Vulnerability Details

In the createMarketPlace function, inside SystemConfig.sol, the contract fails to check if the provided _marketPlaceName is unique before creating a new marketplace. According to the function's documentation, the marketplace name must be unique, but without this check, the same name could be used for multiple marketplaces, causing potential conflicts and operational issues.

/**

* @notice Create market place

* @param _marketPlaceName Market place name

* @param _fixedratio Fixed ratio

* @notice Caller must be owner

* @notice _marketPlaceName must be unique

* @notice _fixedratio is true if the market place is arbitration required

function createMarketPlace(

string calldata _marketPlaceName,

bool _fixedratio

) external onlyOwner {

address marketPlace = GenerateAddress.generateMarketPlaceAddress(

_marketPlaceName

);

MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[

marketPlace

];

if (marketPlaceInfo.status != MarketPlaceStatus.UnInitialized) {

revert MarketPlaceAlreadyInitialized();

}

marketPlaceInfo.status = MarketPlaceStatus.Online;

marketPlaceInfo.fixedratio = _fixedratio;

emit CreateMarketPlaceInfo(_marketPlaceName, marketPlace, _fixedratio);

}

The absence of this check can lead to the creation of multiple marketplaces with the same name, which can cause operational confusion and make it difficult to distinguish between different marketplaces. Which opens a possibility for someone to create an offer in the wrong marketplace.

Impact

Without verifying the uniqueness of _marketPlaceName, the function can create multiple marketplaces with the same name, leading to potential conflicts, confusion, and administrative difficulties.

Tools Used

Imagination

Recommendations

Implement a check to ensure that _marketPlaceName is unique before proceeding with the creation of a new marketplace. This can be done by checking if a marketplace with the same name already exists in the marketPlaceInfoMap for example.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

[invalid] finding-SystemConfigcreateMarketPlace-unique

Invalid, admins trusted to create marketplaces accordingly with appropriate inputs, as stated in READ.ME. If they do, there will be no issues.

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!