Tadle

Tadle
DeFi
30,000 USDC
View results
Submission Details
Severity: high
Valid

`closeBidTaker` uses `makerInfo.tokenAddress` for point token update making users to not receive their points

Updates

Lead Judging Commences

0xnevi Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-DeliveryPlace-settleAskTaker-closeBidTaker-wrong-makerinfo-token-address-addToken-balance

Valid high severity, In `settleAskTaker/closeBidTaker`, by assigning collateral token to user balance instead of point token, if collateral token is worth more than point, this can cause stealing of other users collateral tokens within the CapitalPool contract, If the opposite occurs, user loses funds based on the points they are supposed to receive

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.

Cyfrin
Updraft
CodeHawks
Solodit
Resources