Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`Maker` of a `Bid` offer is unable to claim compensation from all `Takers` that did not settle with him.

eeyore

Summary

There is no option for a Maker of a Bid offer to claim compensation and a refund from a Taker in a case where he did not settle his Ask stocks, and the current market status is BidSettling.

The Maker's funds are locked in the system, and the only way to extract them is through direct Owner intervention, which is not guaranteed to happen.

Vulnerability Details

In a situation where the Taker did not settle, the only option for the Maker to be refunded and compensated is an Owner call to the DeliveryPlace.settleAskTaker() function.

File: DeliveryPlace.sol

360: if (status == MarketPlaceStatus.AskSettling) {

...

364: } else {

365: if (_msgSender() != owner()) { // <== Maker should be able to settle when status == MarketPlaceStatus.BidSettling

366: revert Errors.Unauthorized();

367: }

368: if (_settledPoints > 0) {

369: revert InvalidPoints();

370: }

371: }

This is not an ideal situation as there should be a direct way for a Maker of a Bid offer to settle the trade when the marketplace is in the BidSettling state.

It is worth noting that in its current form, DeliveryPlace.settleAskTaker() is broken due to invalid access control validation in the if (status == MarketPlaceStatus.AskSettling) {, which is reported in another issue. However, after fixing that, this issue will still be relevant.

Impact

DoS in claiming compensation and a refund for the Maker of a Bid offer.

Tools Used

Manual review.

Recommendations

Allow the Maker of a Bid offer to call for unclaimed Ask stocks in case the marketplace is in the BidSettling state.

File: DeliveryPlace.sol

-365: if (_msgSender() != owner()) {

+365: if (_msgSender() != owner() && (status != MarketPlaceStatus.BidSettling || _msgSender() != offerInfo.authority)) {

366: revert Errors.Unauthorized();

367: }

368: if (_settledPoints > 0) {

369: revert InvalidPoints();

370: }

Updates

Lead Judging Commences

0xnevi Lead Judge

about 1 year ago

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Appeal created

eeyore Submitter

about 1 year ago

0xnevi Lead Judge

about 1 year ago

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.