If malicious attackers buy the small points from ask offer and sell this bid taker, aborting will be DoS
Lead Judging Commences
[invalid] finding-PreMarkets-abortAskOffer-revert-SubOfferListed
This findings hinges on the fix to #1616. Since it DoSes abortAskOffer that should be allowed, medium severity seems appropriate. Note for invalidation: This highlights a potential inconsistency that sellers should be able to cancel their orders at any time if they are not fulfilled and retrieve their collateral as noted in the [doc](https://tadle.gitbook.io/tadle/product/points-marketplace#how-tadle-unlock-points-liquidity-on-our-marketplace). However, not how it mentions `if applicable` . > Upon completing the trade, the seller will receive the funds instantly, without having to wait for the token unlock at TGE. Sellers can cancel their orders at any time if they are not fulfilled and retrieve their collateral, if applicable. So one can interpret it as once a bid taker offer is created against an orign maker ask offer, the revenue earned represented by SalesRevenue (see issue #826 and #765 for more indepth explanation) is assigned to the origin maker that can be withdrawed immediately (meaning order is already fulfilled). So arguably, in turbo mode, once an sub offer is listed, it is an acceptable design decision to disallow termination even if the suboffer is not settled, given taker should be the rightful holder of the 100 points (per the PoC) i.e. the maker should settle, if not they can walk away with the collateral paid by taker FOC. I believe this issue is invalid
Appeal created
[invalid] finding-PreMarkets-abortAskOffer-revert-SubOfferListed
This findings hinges on the fix to #1616. Since it DoSes abortAskOffer that should be allowed, medium severity seems appropriate. Note for invalidation: This highlights a potential inconsistency that sellers should be able to cancel their orders at any time if they are not fulfilled and retrieve their collateral as noted in the [doc](https://tadle.gitbook.io/tadle/product/points-marketplace#how-tadle-unlock-points-liquidity-on-our-marketplace). However, not how it mentions `if applicable` . > Upon completing the trade, the seller will receive the funds instantly, without having to wait for the token unlock at TGE. Sellers can cancel their orders at any time if they are not fulfilled and retrieve their collateral, if applicable. So one can interpret it as once a bid taker offer is created against an orign maker ask offer, the revenue earned represented by SalesRevenue (see issue #826 and #765 for more indepth explanation) is assigned to the origin maker that can be withdrawed immediately (meaning order is already fulfilled). So arguably, in turbo mode, once an sub offer is listed, it is an acceptable design decision to disallow termination even if the suboffer is not settled, given taker should be the rightful holder of the 100 points (per the PoC) i.e. the maker should settle, if not they can walk away with the collateral paid by taker FOC. I believe this issue is invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Community Judging
Submissions are being reviewed by the community.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.