Tadle
Tadle
DeFi
30,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Unused ongoing status for offerStatus may cause undesired behaviours

demorextess

Summary

Offer status is used many if statements in order to identify the status of offer and taking action according to it. But OnGoing status is not used anywhere in the system.

Vulnerability Details

OfferInfo structure is defined as follows:

/**
* @title OfferInfo
* @dev Struct of OfferInfo
* @param id the unique id of offer.
* @param authority the owner of offer.
* @param maker the maker of offer, is a virtual address, storage as MakerInfo.
* @param offerStatus the status of offer, detail in OfferStatus.sol.
* @param offerType the type of offer, detail in OfferStatus.sol.
* @param abortOfferStatus the status of abort offer, detail in OfferStatus.sol.
* @param points the points of sell or buy offer.
* @param amount the amount want to sell or buy.
* @param collateralRate the collateral rate of offer. must be greater than 100%. decimal is 10000.
* @param usedPoints the points that already completed.
* @param tradeTax the trade tax of offer. decimal is 10000.
* @param settledPoints the settled points of offer.
* @param settledPointTokenAmount the settled point token amount of offer.
* @param settledCollateralAmount the settled collateral amount of offer.
*/
struct OfferInfo {
uint256 id;
address authority;
address maker;
OfferStatus offerStatus;
OfferType offerType;
AbortOfferStatus abortOfferStatus;
uint256 points;
uint256 amount;
uint256 collateralRate;
uint256 usedPoints;
uint256 tradeTax;
uint256 settledPoints;
uint256 settledPointTokenAmount;
uint256 settledCollateralAmount;
}

OfferStatus structure is defined as follows:

/**
* @dev Offer status
* @notice Unknown, Virgin, Ongoing, Canceled, Filled, Settling, Settled
* @param Unknown offer not yet exist.
* @param Virgin offer has been listed, but not one trade.
* @param Ongoing offer has been listed, and already one trade.
* @param Canceled offer has been canceled.
* @param Filled offer has been filled.
* @param Settling offer is settling.
* @param Settled offer has been settled, the last status.
*/
enum OfferStatus {
Unknown,
Virgin,
Ongoing,
Canceled,
Filled,
Settling,
Settled
}

In the dev note, OnGoing status is used when an offer has at least one trade on it. This can cause undesired behaviour on the system because this status is not used anywhere in the system.

Impact

To be honest, I am not sure what should be the effect of ongoing status in the system but I can share my investigations.

Basicly, after calling createTaker function it should change the status of maker offer to ongoing based on the documentation. But in this situation it still will be virgin. In this situation, it can bypass the following functions in the if statement and may cause unexpected results ( because it will be shown as virgin ):

-- closeBidOffer() (checking virginity)
-- closeBidTaker() (checking virginity)
-- settleAskMaker() (checking virginity)
-- createTaker() (checking virginity)
-- abortAskOffer() (checking virginity)

Tools Used

Manual Review

Recommendations

I can't choose a correct pathway to check the system working correctly or not but I believe it should be known

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-createTaker-Ongoing-Status-Low

Although duplicate of #148, impact mentioned is low severity/invalid, see comments there

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.