Tadle

DeFi
30,000 USDC
Submission Details
Severity: medium
Invalid

DoS in `PreMarktes::abortBidTaker` for takers of a listed offer

Summary

In turbo mode, a taker who bought from a listed (relisted) offer is unable to call `PreMarktes::abortBidTaker`, so their deposit cannot be recovered after the origin offer is aborted.

Vulnerability Details

In turbo mode the original offer maker settles all downstream takers. The original offer can be aborted, but a listed offer cannot, and `PreMarktes::abortBidTaker` requires the `preOffer` of the taker's stock to be in the aborted state before the taker can claim a refund. For a taker who bought from a listed offer, that `preOffer` is the listed offer, which never reaches the aborted state, so the refund path is permanently blocked even though the origin offer has been aborted.

Impact

The taker from the listed offer is unable to get their tokens back: `abortBidTaker` always reverts for that stock, resulting in a DoS of the refund path and funds stuck in the contract.

POC

```solidity
function test_abort_turbo_1_offer() public {
    // Maker creates a turbo-mode Ask offer (offer 0 / stock 0).
    vm.startPrank(user);
    preMarktes.createOffer(
        CreateOfferParams(
            marketPlace,
            address(mockUSDCToken),
            1000,
            0.01 * 1e18,
            12000,
            300,
            OfferType.Ask,
            OfferSettleType.Turbo
        )
    );
    vm.stopPrank();

    // user1 takes 500 points from the origin offer (stock 1).
    vm.startPrank(user1);
    mockUSDCToken.approve(address(tokenManager), type(uint256).max);
    address stockAddr = GenerateAddress.generateStockAddress(0);
    address offerAddr = GenerateAddress.generateOfferAddress(0);
    preMarktes.createTaker(offerAddr, 500);
    vm.stopPrank();

    // user4 takes the remaining 500 points (stock 2) and relists that
    // stock as a new offer (offer 2).
    vm.startPrank(user4);
    preMarktes.createTaker(offerAddr, 500);
    address stock2Addr = GenerateAddress.generateStockAddress(2);
    preMarktes.listOffer(stock2Addr, 0.006 * 1e18, 12000);
    vm.stopPrank();

    // user1 takes 250 points from the listed offer (stock 3).
    vm.startPrank(user1);
    mockUSDCToken.approve(address(tokenManager), type(uint256).max);
    address offer1Addr = GenerateAddress.generateOfferAddress(2);
    address stock3Addr = GenerateAddress.generateStockAddress(3);
    preMarktes.createTaker(offer1Addr, 250);
    vm.stopPrank();

    // Maker aborts the origin offer.
    vm.prank(user);
    preMarktes.abortAskOffer(stockAddr, offerAddr);

    // Takers of the origin offer can abort their stock and are refunded.
    vm.startPrank(user1);
    address stock1Addr = GenerateAddress.generateStockAddress(1);
    preMarktes.abortBidTaker(stock1Addr, offerAddr);
    vm.stopPrank();

    vm.startPrank(user4);
    preMarktes.abortBidTaker(stock2Addr, offerAddr);
    vm.stopPrank();

    // The taker of the listed offer cannot: its preOffer (offer 2) was never
    // aborted, so abortBidTaker reverts and user1's deposit for stock 3 is stuck.
    vm.prank(user1);
    vm.expectRevert();
    preMarktes.abortBidTaker(stock3Addr, offer1Addr);
}
```

Tools Used

Manual Analysis

Recommendations

In turbo mode, check the origin offer of the chain rather than the taker's immediate `preOffer` when deciding whether a taker may call `PreMarktes::abortBidTaker`, since in turbo mode only the origin offer can be aborted.
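The following is an added illustrative model of the check the recommendation describes; it is not Tadle's `PreMarktes` code. The contract, its storage layout, the enum values and the rule that a listed turbo offer cannot be aborted are all assumptions made so the two checks can be compared side by side: `abortBidTakerPreOfferCheck` gates on the immediate `preOffer` as the report describes, and `abortBidTakerOriginCheck` gates on the chain's origin offer in turbo mode.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical model of the preOffer/origin relationship discussed in the
/// report. NOT Tadle's PreMarktes code; names and rules are assumptions.
contract TurboAbortModel {
    enum SettleType { Protected, Turbo }
    enum AbortStatus { Initialized, Aborted }

    struct Offer {
        address preOffer;     // offer this one was listed from; 0 for an origin offer
        address originOffer;  // root offer of the chain (itself for an origin offer)
        SettleType settleType;
        AbortStatus abortStatus;
    }

    struct Stock {
        address taker;
        address preOffer;     // offer the taker bought from
        uint256 deposit;      // amount the taker should get back on abort
        bool refunded;
    }

    mapping(address => Offer) public offers;
    mapping(address => Stock) public stocks;

    error InvalidAbortOfferStatus();
    error ListedTurboOfferCannotAbort();
    error NotTaker();
    error AlreadyRefunded();

    /// Create an origin offer (what createOffer does in the POC).
    function createOriginOffer(address offerAddr, SettleType settleType) external {
        offers[offerAddr] = Offer(address(0), offerAddr, settleType, AbortStatus.Initialized);
    }

    /// List a new offer on top of an existing one (listOffer in the POC).
    /// The new offer inherits the settle type and origin of its preOffer.
    function listOffer(address newOfferAddr, address preOfferAddr) external {
        Offer storage pre = offers[preOfferAddr];
        offers[newOfferAddr] = Offer(preOfferAddr, pre.originOffer, pre.settleType, AbortStatus.Initialized);
    }

    /// Record a taker's stock against an offer (createTaker in the POC).
    function createTaker(address stockAddr, address offerAddr, uint256 deposit) external {
        stocks[stockAddr] = Stock(msg.sender, offerAddr, deposit, false);
    }

    /// Models the rule the report relies on (assumption): in turbo mode only
    /// the origin offer can be aborted; a listed offer cannot.
    function abortOffer(address offerAddr) external {
        Offer storage o = offers[offerAddr];
        if (o.settleType == SettleType.Turbo && o.preOffer != address(0)) {
            revert ListedTurboOfferCannotAbort();
        }
        o.abortStatus = AbortStatus.Aborted;
    }

    /// Check as the report describes it: looks only at the immediate preOffer.
    /// For a turbo taker of a listed offer this can never pass, because the
    /// listed offer never reaches Aborted.
    function abortBidTakerPreOfferCheck(address stockAddr) external returns (uint256) {
        Stock storage s = stocks[stockAddr];
        if (offers[s.preOffer].abortStatus != AbortStatus.Aborted) revert InvalidAbortOfferStatus();
        return _refund(s);
    }

    /// Recommended check: in turbo mode consult the origin offer, the only
    /// offer in the chain that can actually be aborted.
    function abortBidTakerOriginCheck(address stockAddr) external returns (uint256) {
        Stock storage s = stocks[stockAddr];
        Offer storage pre = offers[s.preOffer];
        address gate = pre.settleType == SettleType.Turbo ? pre.originOffer : s.preOffer;
        if (offers[gate].abortStatus != AbortStatus.Aborted) revert InvalidAbortOfferStatus();
        return _refund(s);
    }

    function _refund(Stock storage s) internal returns (uint256) {
        if (s.taker != msg.sender) revert NotTaker();
        if (s.refunded) revert AlreadyRefunded();
        s.refunded = true;
        return s.deposit; // a real contract would transfer tokens here
    }
}
```

Replaying the POC's sequence against this model (origin offer A in turbo mode, offer B listed from A, a taker stock S bought from B, then `abortOffer(A)`) shows the difference: `abortOffer(B)` reverts with `ListedTurboOfferCannotAbort`, `abortBidTakerPreOfferCheck(S)` reverts with `InvalidAbortOfferStatus` because B is still `Initialized`, and `abortBidTakerOriginCheck(S)` returns the taker's deposit because it gates on A. Whether a protected-mode taker should still gate on its immediate `preOffer` is kept as-is in the model and is a separate design question.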

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
