Tadle

DeFi

30,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unique Marketplace Name Check is missing in `SystemConfig` Contract

0xrakesh_ummadi28

Summary

The SystemConfig smart contract does not implement uniqueness for marketplace names during creation. This issue lead to multiple marketplaces being created with the same name, causing potential confusion and operational issues.

Vulnerability Details

Location : https://github.com/tadle-com/market-evm/blob/8fbea7f4513cbeb0104236927d9051510574e673/src/core/SystemConfig.sol#L90

The createMarketPlace function lacks a check to ensure that marketplace names are unique. As a result , it is possible to create multiple marketplaces with the same name. This can lead to:

Difficulty in differ and managing multiple marketplaces with identical names.
Conflicts in handling data and operations associated with these marketplaces.

Impact

While the issue does not directly effect funds or cause severe disruptions, it can result in operational challenges and confusion in managing and differentiating between marketplaces.

Tools Used

Manual Code Review

Recommendations

Add a Mapping to Track Used Marketplace Names:
Create a mapping to keep track of which marketplace names have been used to prevent duplicates.

mapping(string => bool) private usedMarketPlaceNames;
Update createMarketPlace Function:
Add a function to check if the marketplace name has already been used before allowing the creation of a new marketplace. Store the name in mapping as used upon successful creation.

function createMarketPlace(
string calldata _marketPlaceName,
bool _fixedratio
) external onlyOwner {
// Check if the marketplace name has already been used or not
(+)require(!usedMarketPlaceNames[_marketPlaceName], "Marketplace name already used");

address marketPlace = GenerateAddress.generateMarketPlaceAddress(
_marketPlaceName
);
MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[
marketPlace
];

if (marketPlaceInfo.status != MarketPlaceStatus.UnInitialized) {
revert MarketPlaceAlreadyInitialized();
}

marketPlaceInfo.status = MarketPlaceStatus.Online;
marketPlaceInfo.fixedratio = _fixedratio;

// do mark as marketplace name as used
(+)usedMarketPlaceNames[_marketPlaceName] = true;

emit CreateMarketPlaceInfo(_marketPlaceName, marketPlace, _fixedratio);
}

Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

[invalid] finding-SystemConfigcreateMarketPlace-unique

Invalid, admins trusted to create marketplaces accordingly with appropriate inputs, as stated in READ.ME. If they do, there will be no issues.

Prize pool breakdown

Total prize

30,000 USDC

nSLOC

1,229

24 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.