Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`AskSettling` Check is Bypassed in `settleAskTaker` Function

0xbeastboy

Github

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L335

Summary

The DeliveryPlace:settleAskTaker function bypasses the required AskSettling status of the marketplace under certain conditions. This bypass can be exploited to settle a stock without the necessary status checks, leading to potential financial loss and system instability.

Vulnerability Details

The settleAskTaker function is responsible for settling a stock in a marketplace, which should only occur when the marketplace is in the AskSettling status. This status ensures that the market is in the correct phase for processing and settling ask orders. However, the function contains a logic flaw that allows the contract owner to bypass this critical status check and proceed with the settlement, regardless of the marketplace's actual status.

Below is the critical section of the settleAskTaker function:

if (status == MarketPlaceStatus.AskSettling) {

if (_msgSender() != offerInfo.authority) {

revert Errors.Unauthorized();

}

} else {

if (_msgSender() != owner()) {

revert Errors.Unauthorized();

}

if (_settledPoints > 0) {

revert InvalidPoints();

}

In the code above, if the marketplace status is not AskSettling, the function allows the contract owner (owner()) to bypass this status check and settle the stock. This bypass is problematic because:

The marketplace may not be in the appropriate state to handle the settlement of an ask order, leading to potential mismatches in market operations.
Even if the contract owner is technically allowed to call this function, allowing them to bypass critical checks could lead to the owner making settlements that should not occur, either intentionally or by mistake.
The bypass could result in settling orders with invalid points (_settledPoints > 0), which could disrupt the fair settlement process and lead to financial discrepancies.

Impact

Unauthorized settlements could lead to incorrect financial transactions, such as improper refunds or collateral distributions, potentially causing losses to participants in the marketplace. Bypassing critical status checks can destabilize the marketplace, leading to incorrect operations that may not align with the intended market rules and processes.

Tools Used

Manual Review

Recommendations

The AskSettling status check should be enforced for all calls to the settleAskTaker function, regardless of who the caller is. Remove the bypass for the contract owner to ensure that only valid settlements occur.

Updates

Lead Judging Commences

0xnevi Lead Judge

about 1 year ago

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.