an admin can update non existing market place status
Summary
Vulnerability Details
In case of an admin error, the admin can call
SystemConfig:updateMarketPlaceStatus()with non existing marketplace name. This may lead to the non-existing marketplace status being set to MarketPlaceStatus.Online.function updateMarketPlaceStatus(string calldata _marketPlaceName,MarketPlaceStatus _status) external onlyOwner {address marketPlace = GenerateAddress.generateMarketPlaceAddress(_marketPlaceName);MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[marketPlace];marketPlaceInfo.status = _status;}A protocol user might decide to create an offer using this marketplace which breaks the invariant that market places are created only via
SystemConfig::createMarketPlace()by the owner.Even though it's an admin error, there should be an input validation mechanism to prevent such cases from happening.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/SystemConfig.sol#L163-L170
Impact
Users can try to create offers/bid to a marketplace which was not created via SystemConfig::createMarketPlace()
Tools Used
Manual review
Recommendations
Check if the market place status is != UnInitialized before updating it's status
Lead Judging Commences
[invalid] finding-Admin-Errors-Malicious
The following issues and its duplicates are invalid as admin errors/input validation/malicious intents are1 generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in READ.ME they can break certain assumption of the code based on their actions, and
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.