Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Incorrect offer status is set while closing a bid offer

itsabinashb

Summary

Incorrect offerStatus is set while closing a bid by calling DeliveryPlace::closeBidOffer().

Vulnerability Details

The closeBidOffer() is called by the owner of a bid offer when they want to close that offer, after calling this function the price, which was deposited by the Maker while listing the offer but was not used for buying points, are sent back to the Maker i.e is refunded. But to note, in this stage the offer is not settled, offer will be settled when the taker i.e the seller of the points to Maker will settle the stock, by calling settleAskTaker(). But after the execution of the closeBidOffer() the offerStatus is changed to offerStatus.settled, but the status should be offerStatus.settling.

Tools Used

Manual review.

Recommendations

Change the status to offerStatus.settling instead of offerStatus.settled.

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.