Tadle
Tadle
DeFiFoundry
27,750 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Inconsistent offerId Increment in createOffer and createTaker Functions

KaiThompson

Summary

The PreMarkets contract has inconsistent behavior in how the offerId is incremented in the createOffer and createTaker functions. Specifically, the offerId is incremented before updating StockInfo in the createOffer function, but it is incremented after updating StockInfo in the createTaker function. This inconsistency could lead to confusion and potential data inconsistencies.

Vulnerability Details

Impact

  • Data Inconsistency: The inconsistency can lead to situations where stockInfo entries might have unexpected or duplicate id values, causing bugs and data inconsistency issues.

  • Maintenance Difficulty: Inconsistent increment patterns can confuse developers and maintainers, increasing the likelihood of future bugs being introduced.

  • Potential Vulnerabilities: If other functions or contracts depend on a specific pattern for offerId increments, the inconsistency could introduce unforeseen vulnerabilities or logical errors.

Tools Used

Manual code review

Recommendations

To resolve the inconsistency and ensure a standard approach, it is recommended to increment the offerId after updating the StockInfo in both functions. This change makes the code flow more logical, indicating that the current offerId is fully utilized before moving to the next ID.

Suggested Change for createOffer Function:

Increment the offerId after using it in StockInfo.

Updated createOffer function:

function createOffer(CreateOfferParams calldata params) external payable {
// ... code before generating addresses ...
/// @dev generate address for maker, offer, stock.
address makerAddr = GenerateAddress.generateMakerAddress(offerId);
address offerAddr = GenerateAddress.generateOfferAddress(offerId);
address stockAddr = GenerateAddress.generateStockAddress(offerId);
// ... validation checks ...
// Updating the stock info
stockInfoMap[stockAddr] = StockInfo({
id: offerId, // Using current offerId
stockStatus: StockStatus.Initialized,
stockType: params.offerType == OfferType.Ask ? StockType.Bid : StockType.Ask,
authority: _msgSender(),
maker: makerAddr,
preOffer: address(0x0),
offer: offerAddr,
points: params.points,
amount: params.amount
});
// Increment offerId after use
@> offerId = offerId + 1;
// ... rest of the createOffer code ...
}
Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-createOffer-offerId-increment-after

I believe this is valid low severity, although there is inconsistency here when using the correct `offerId` for assigning offerIds and generating the unique addresses as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L67-L69), this is purely an accounting error for offerIds. If we generate the offerId using current `offerId - 1`, the appropriate listing/taker orders can still be created against those offers.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.