The listOffer function in the PreMarktes contract contains an authorization check that incorrectly restricts the ability to list offers to only the original creator of the stock. This prevents other users who have purchased points from listing their own offers, which contradicts the intended functionality described in the documentation.
```solidity
StockInfo storage stockInfo = stockInfoMap[_stock];
if (_msgSender() != stockInfo.authority) {
    revert Errors.Unauthorized();
}
```
According to the provided documentation, any user who has purchased points should be able to list those points for sale. For example, after Bob buys points from Alice, he should be able to relist those points at a new price.
https://tadle.gitbook.io/tadle/how-tadle-works/mechanics-of-tadle/protected-mode
The current implementation only allows the original creator of the stock (the authority in stockInfo) to list offers. This prevents users like Bob from relisting their purchased points.
A similar issue exists in closeOffer(), relistOffer() and abortAskOffer().
This bug significantly restricts the functionality of the platform, preventing users from reselling their points and limiting the liquidity of the market. It contradicts the intended design of the system.
Manual review
Modify the authorization check to allow any holder of points to list an offer.
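One way to picture the recommended change, as an added example that is not Tadle's code: a simplified model contract contrasting the authority-only check quoted above with a holder-based check that also caps each listing at the caller's unlisted balance. The names `ListingAuthModel`, `pointsHeld`, `pointsListed`, `recordPurchase`, `listOfferAuthorityOnly`, `listOfferHolder` and `OfferListed` are hypothetical, and the model assumes purchased points are tracked per holder under the same stock.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified model, not Tadle's PreMarktes code.
// pointsHeld, pointsListed, recordPurchase and the event are hypothetical.
contract ListingAuthModel {
    error Unauthorized();
    error InvalidAmount();

    struct StockInfo { address authority; } // account recorded at creation

    mapping(address => StockInfo) public stockInfoMap;
    mapping(address => mapping(address => uint256)) public pointsHeld;   // stock => holder => points
    mapping(address => mapping(address => uint256)) public pointsListed; // stock => holder => points on offer

    event OfferListed(address indexed stock, address indexed seller, uint256 points, uint256 price);

    function createStock(address stock, uint256 points) external {
        if (stockInfoMap[stock].authority != address(0)) revert Unauthorized();
        stockInfoMap[stock].authority = msg.sender;
        pointsHeld[stock][msg.sender] = points;
    }

    // Models a purchase: unlisted points move from the caller to the buyer.
    function recordPurchase(address stock, address buyer, uint256 points) external {
        uint256 free = pointsHeld[stock][msg.sender] - pointsListed[stock][msg.sender];
        if (points == 0 || points > free) revert InvalidAmount();
        pointsHeld[stock][msg.sender] -= points;
        pointsHeld[stock][buyer] += points;
    }

    // Check as quoted in the finding: only the stock's authority may list.
    function listOfferAuthorityOnly(address stock, uint256 points, uint256 price) external {
        if (msg.sender != stockInfoMap[stock].authority) revert Unauthorized();
        _list(stock, points, price);
    }

    // Holder-based check: any account holding points may list them.
    function listOfferHolder(address stock, uint256 points, uint256 price) external {
        if (pointsHeld[stock][msg.sender] == 0) revert Unauthorized();
        _list(stock, points, price);
    }

    // Shared bound: a seller can never list more than its unlisted balance.
    function _list(address stock, uint256 points, uint256 price) private {
        uint256 free = pointsHeld[stock][msg.sender] - pointsListed[stock][msg.sender];
        if (points == 0 || points > free) revert InvalidAmount();
        pointsListed[stock][msg.sender] += points;
        emit OfferListed(stock, msg.sender, points, price);
    }
}
```

In this model a buyer who received points through `recordPurchase` reverts with `Unauthorized` on `listOfferAuthorityOnly` but succeeds on `listOfferHolder`, and the balance bound in `_list` keeps the relaxed check from letting an account list points it does not hold.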