Summary

The incorrect-equality issue arises from the use of strict equality checks in the DeliveryPlace contract. These checks may lead to unintended behavior if the conditions they compare do not account for all possible states or edge cases. This can result in security vulnerabilities or incorrect execution of contract logic.

Vulnerability Details

Strict Equality Checks in the identified Functions Below compare values directly without considering potential edge cases or variations in state, making them a vulnerablity.

Affected Functions and Lines

• ID-0: DeliveryPlace.settleAskTaker(address,uint256)

  • Line 360: status == MarketPlaceStatus.AskSettling

  • Details: The strict equality check here may not handle all possible status values or transitions properly.

• ID-1: DeliveryPlace.settleAskMaker(address,uint256)

  • Line 249: status == MarketPlaceStatus.AskSettling

  • Details: Similar to ID-0, this check may not be comprehensive in evaluating all possible status values.

• ID-2: DeliveryPlace.settleAskMaker(address,uint256)

  • Line 238: offerInfo.offerType == OfferType.Bid

  • Details: This check may not account for all offerType values, potentially leading to incorrect offer handling.

• ID-3: DeliveryPlace.closeBidTaker(address)

  • Line 122: makerInfo.offerSettleType == OfferSettleType.Protected

  • Details: The equality check may fail to consider all offerSettleType scenarios, impacting bid closure.

• ID-4: DeliveryPlace.closeBidTaker(address)

  • Line 153: offerInfo.offerStatus == OfferStatus.Virgin

  • Details: This check may be insufficient for verifying the offerStatus, potentially causing improper bid closure.

• ID-5: DeliveryPlace.settleAskMaker(address,uint256)

  • Line 277: offerInfo.offerStatus == OfferStatus.Virgin

  • Details: The strict equality check may not handle all states of offerStatus correctly, affecting settlement.

• ID-6: DeliveryPlace.closeBidOffer(address)

  • Line 47: offerInfo.offerType == OfferType.Ask

  • Details: The check here might miss certain offerType values, impacting bid offer closure.

• ID-7: DeliveryPlace.settleAskMaker(address,uint256)

  • Line 276: _settledPoints == offerInfo.usedPoints

  • Details: The equality check could lead to errors if _settledPoints and offerInfo.usedPoints are not aligned as expected.

Impact

The use of strict equality checks can lead to unintended behavior if the comparisons do not account for all possible states. This may result in improper handling of contract states or transitions, causing vulnerabilities or incorrect contract operations, such as unauthorized refunds, invalid stock operations, or improper settlements.

Tools Used

• Slither: Static analysis tool for detecting vulnerabilities in Solidity code.

• Solidity Compiler: Used for compiling and analyzing the smart contract code.

Exploit

Recommendations

1. Improve Equality Checks: Replace strict equality checks with more comprehensive conditions that account for all potential states and variations.

2. Add Edge Case Handling: Implement additional checks and balances to handle edge cases or unexpected values, ensuring robust and secure contract logic.