Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect offer status check in function closeBidOffer

kwakudr

Summary

The function checks if the offer status is Virgin and reverts if it's not. This contradicts the comment that says the status must be Settling.

Vulnerability Details

/**
* @notice Close bid offer
* @dev caller must be offer authority
* @dev offer type must Bid
* @dev offer status must be Settling
* @dev refund amount = offer amount - used amount
*/
function closeBidOffer(address _offer) external {
(
OfferInfo memory offerInfo,
MakerInfo memory makerInfo,
,
MarketPlaceStatus status
) = getOfferInfo(_offer);
if (_msgSender() != offerInfo.authority) {
revert Errors.Unauthorized();
}
if (offerInfo.offerType == OfferType.Ask) {
revert InvalidOfferType(OfferType.Bid, OfferType.Ask);
}
if (
status != MarketPlaceStatus.AskSettling &&
status != MarketPlaceStatus.BidSettling
) {
revert InvaildMarketPlaceStatus();
}
if (offerInfo.offerStatus != OfferStatus.Virgin) {
revert InvalidOfferStatus();
}

There's a discrepancy between the function's comment and its actual implementation regarding the offer status check.

According to the comment, the function should only proceed if the offer status is "Settling".

The code checks if the offer status is not "Virgin" and reverts if it's anything other than "Virgin". This is the opposite of what the comment suggests.

This creates a significant logical contradiction where the function is allowing a status that it should reject (Virgin) and rejecting statuses it should allow (including Settling).

Impact

The function will execute for Virgin status offers when it shouldn't, and fail for Settling status offers when it should allow them.

Tools Used

Manual Review

Recommendations

Align the code with the intended behavior

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-closeBidOffer-Virgin-Settling

Based on the current Tadle market system, the `Settling` status is never used (along with `Ongoing` and `Filled`), which is supposed to represent the state before settlement by original maker. While sementically, the `Virgin` status does not represent the correct phase to allow early closures before settlement, this issue does not have any current impact given technically the early closure of bid offers is still allowed. However, if we are basing it off of the correct status implementation (i.e. `Settling` phase appropriately updated when takers create offers), then the DoS will occur, essentially blocking any early closure of bids by subsequent makers, forcing them to follow through to final settlement. Unfortunately, none of these issues identify the correct pre-context mentioned above, but I believe medium severity is appropriate. Note for downgrade to low severity: Agree with above appeals and low severity, this is more of a status accounting error and does not have any impact, given the function of `closeBidOffer` is to withdraw the unused portion of sales proceeds. It can be executed as long as the TGE time has been reached, and it restricts the offer to be in a Virgin state. Since the statuses consistently do not utilize a switch from Vigin to Ongoing/Filled and the protocol can function appropriately even without the use of such statuses (presuming other bugs are fixed), the DoS impact will not occur.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.