Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

User can close non vigin offer during ASK/BID settling phase

audinarey

Summary

During the ASK/BID settling phase, user can still close their offers. This owing missng update for offers that have at least one trade in the premarket phase

Vulnerability Details

In the premarket phase, createTaker(...)function does not update the offer type to Ongoing and as such, in the DeliveryPlaceduring market settling, a user can close their bid offer and get back their refund.

function closeBidOffer(address _offer) external {
(
OfferInfo memory offerInfo,
MakerInfo memory makerInfo,
,
MarketPlaceStatus status
) = getOfferInfo(_offer);
......
@> if (offerInfo.offerStatus != OfferStatus.Virgin) { // @audit user can cancel ongoing BID offer during BID/ASK settling
revert InvalidOfferStatus(); // @audit and get their deposit and also quickly wthdraw their revenue, referal and TAX bonus without settling points as the POINTS are not escrowed a the time of settlement thus stealing from their TAKER
}

Although the user does not get their full refund, hence I am reporting this as a low because the usedPointsof the offer is taken into consideration

Impact

Borderline LOW/MED because funds are yet SAFU

Tools Used

Manual review

Recommendations

Update the Premarkets::createTaker(...)function to update the staus of an offer from Virginto Ongoing.

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-createTaker-Ongoing-Status-Low

Although duplicate of #148, impact mentioned is low severity/invalid, see comments there

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.