Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

incomplete updates in closeOffer function

kwakudr

Summary

The closeOffer function updates offerInfo.offerStatus to Canceled, but doesn't update the corresponding stockInfo. This leaves the stockInfo.offer still pointing to a canceled offer, potentially leading to inconsistent state. When an offer is closed, related state in stockInfo (like stockInfo.offer) should be reset or updated to reflect that the offer no longer exists.

Vulnerability Details

function closeOffer(address _stock, address _offer) external {

OfferInfo storage offerInfo = offerInfoMap[_offer];

StockInfo storage stockInfo = stockInfoMap[_stock];

if (stockInfo.offer != _offer) {

revert InvalidOfferAccount(stockInfo.offer, _offer);

}

if (offerInfo.authority != _msgSender()) {

revert Errors.Unauthorized();

}

if (offerInfo.offerStatus != OfferStatus.Virgin) {

revert InvalidOfferStatus();

}

MakerInfo storage makerInfo = makerInfoMap[offerInfo.maker];

/// @dev market place must be online

ISystemConfig systemConfig = tadleFactory.getSystemConfig();

MarketPlaceInfo memory marketPlaceInfo = systemConfig

.getMarketPlaceInfo(makerInfo.marketPlace);

marketPlaceInfo.checkMarketPlaceStatus(

block.timestamp,

MarketPlaceStatus.Online

);

The offerInfo.offerStatus is updated to Canceled. However, the corresponding stockInfo is not updated to reflect this change. In a system where Stocks and Offers are related entities, it's crucial to keep their states consistent with each other. The function cancels an offer but doesn't update the stock to indicate that it no longer has an active offer.

Impact

This leads to a situation where the offer is marked as canceled, but the stock still references it as an active offer.

Tools Used

Manual Review

Recommendations

When an offer is canceled, the function should:

Update the offerInfo to mark it as canceled.
Update the stockInfo to remove the reference to the canceled offer or mark it as inactive.
Potentially update any other related state (e.g., in makerInfo) to reflect the offer cancellation.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-Premarkets-stockStatus-update-missing

Valid low severity due to accounting error, although `stock` status is not update appropriately to `Finished`, there will be no exploit possible given relevant checks on the `offer` side.

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.