Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Some balance type set in addTokenBalance is incorrect.

p0wd3r

Summary

Some balance type set in addTokenBalance is incorrect.

Vulnerability Details

In settleAskMaker, the final type for addTokenBalance should be MakerRefund instead of SalesRevenue, as this is the deposit refunded after settlement, not profit.

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/DeliveryPlace.sol#L301-L306

tokenManager.addTokenBalance(
TokenBalanceType.SalesRevenue,
_msgSender(),
makerInfo.tokenAddress,
makerRefundAmount
);

In the abortBidTaker, the final type in addTokenBalance should be RemainingCash instead of MakerRefund, as it is the deducted deposit rather than a refund to the maker.

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L687-L692

tokenManager.addTokenBalance(
TokenBalanceType.MakerRefund,
_msgSender(),
makerInfo.tokenAddress,
transferAmount
);

Impact

Some balance type set in addTokenBalance is incorrect.

Tools Used

vscode

Recommendations

Set as recommanded.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-DeliveryPlace-settleAskMaker-addTokenBalance-wrong-TokenBalanceType

Valid low severity, while the token type inputted is wrong, userTokenBalanceMap is still incremented appropriately, so users can still withdraw their funds. So this would technically only affect accounting and public view functions.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!