Tadle

DeFi

30,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

A taker would lose a platform fee and tax if a maker aborts the offer.

bladesec

Summary

A taker would lose a platform fee and tax if a maker aborts the offer.

Vulnerability Details

When a matches an ask offer using createTaker(), he should pay platformFee as well as tradeTax in _depositTokenWhenCreateTaker().

function _depositTokenWhenCreateTaker(

uint256 platformFee,

uint256 depositAmount,

uint256 tradeTax,

MakerInfo storage makerInfo,

OfferInfo storage offerInfo,

ITokenManager tokenManager

) internal {

uint256 transferAmount = OfferLibraries.getDepositAmount(

offerInfo.offerType,

offerInfo.collateralRate,

depositAmount,

false,

Math.Rounding.Ceil

);

transferAmount = transferAmount + platformFee + tradeTax; //@audit

tokenManager.tillIn{value: msg.value}(

_msgSender(),

makerInfo.tokenAddress,

transferAmount,

false

);

}

But if the maker aborts the offer using abortAskOffer(), the taker should call abortBidTaker() to receive back his collaterals.

function abortBidTaker(address _stock, address _offer) external {

StockInfo storage stockInfo = stockInfoMap[_stock];

OfferInfo storage preOfferInfo = offerInfoMap[_offer];

//validation

uint256 depositAmount = stockInfo.points.mulDiv(

preOfferInfo.points,

preOfferInfo.amount,

Math.Rounding.Floor

);

uint256 transferAmount = OfferLibraries.getDepositAmount(

preOfferInfo.offerType,

preOfferInfo.collateralRate,

depositAmount,

false,

Math.Rounding.Floor

);

MakerInfo storage makerInfo = makerInfoMap[preOfferInfo.maker];

ITokenManager tokenManager = tadleFactory.getTokenManager();

tokenManager.addTokenBalance(

TokenBalanceType.MakerRefund,

_msgSender(),

makerInfo.tokenAddress,

transferAmount

);

}

But in abortBidTaker(), it just refunds collateral for the raw depositAmount without adding platformFee and tradeTax.

Impact

A taker would pay fees while aborting an offer.

Tools Used

Manual Review

Recommendations

While aborting an offer, platform fees and trade taxes should be refunded to the taker.

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-PreMarkets-immediate-withdrawal-allow-maker-steal-funds

Valid high severity, given orginal offer makers are not a trusted entity to enforce a settlement. The trade tax set by the maker should be returned back to the takers to avoid abuse of abortion of ask offers to steal trade tax from takers. Note for appeals period: See issue #528 for additional details

Prize pool breakdown

Total prize

30,000 USDC

nSLOC

1,229

24 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.