`offerId` is increment in multiple methods
Summary
Inconsistent update of offerId variable potentially leading to skipped offer IDs.
Vulnerability Details
The offerId variable is updated in two different methods:
createOffer: This update is as expected.createTaker: This additional update may cause inconsistencies in the sequence of offer IDs.
The problem arises because updating offerId in createTaker can lead to gaps in the offer ID sequence, as the next createOffer call will use an ID that skips one or more numbers.
Impact
The overall impact is considered low, as it doesn't compromise the core functionality or security of the contract. However, it may affect the contract's usability and cause inconsistencies in record-keeping.
Tools Used
Manual code review
Recommendations
Remove the
offerIdincrement from thecreateTakermethod.
Lead Judging Commences
finding-PreMarkets-createOffer-offerId-increment-after
I believe this is valid low severity, although there is inconsistency here when using the correct `offerId` for assigning offerIds and generating the unique addresses as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L67-L69), this is purely an accounting error for offerIds. If we generate the offerId using current `offerId - 1`, the appropriate listing/taker orders can still be created against those offers.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.