Tadle

DeFi

30,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Offer creators cannot close canceled offers due to restrictive status check (`PreMarkets::closeOffer()`)

4gontuk

Summary

Vulnerability Detail

The PreMarkets contract implements a decentralized marketplace where users can create and interact with offers. The closeOffer() function is designed to allow offer creators to close their offers, effectively removing them from the marketplace. However, the current implementation of this function contains a logical flaw that prevents offer creators from closing offers that have been previously canceled.

In the closeOffer() function, there's a status check that only allows offers with the status Virgin to be closed:

if (offerInfo.offerStatus != OfferStatus.Virgin) {

revert InvalidOfferStatus();

}

This check is overly restrictive as it prevents offer creators from closing offers that have been canceled but not yet formally closed. The OfferStatus enum likely includes a Canceled state, which should also be a valid state for closing an offer.

By only allowing Virgin offers to be closed, the contract creates a scenario where canceled offers remain in a limbo state, unable to be fully removed from the system. This can lead to inconsistencies in offer management and potentially confuse users and administrators about the true state of offers in the marketplace.

Impact

The primary impact of this finding is the inconsistency it introduces in the offer lifecycle management. Offers that have been canceled cannot be formally closed, leading to operational confusion and potential for stale data.

Proof of Concept

Alice creates an offer using the createOffer() function. The offer status is set to Virgin.
Alice decides to cancel the offer using a cancelOffer() function (not shown in the provided code snippet). The offer status is changed to Canceled.
Alice attempts to close the canceled offer using the closeOffer() function.
The transaction reverts due to the InvalidOfferStatus error, as the offer is no longer in the Virgin state.
Alice is unable to fully close and remove her canceled offer from the system.

Tools Used

Manual review

Recommendation

Update the status check in the closeOffer() function to allow both Virgin and Canceled offers to be closed. This will ensure that offer creators can properly manage the full lifecycle of their offers, including closing those that have been canceled.

Here's the recommended change:

function closeOffer(address _stock, address _offer) external {

OfferInfo storage offerInfo = offerInfoMap[_offer];

StockInfo storage stockInfo = stockInfoMap[_stock];

if (stockInfo.offer != _offer) {

revert InvalidOfferAccount(stockInfo.offer, _offer);

}

if (offerInfo.authority != _msgSender()) {

revert Errors.Unauthorized();

}

// Updated status check

- if (offerInfo.offerStatus != OfferStatus.Virgin) {

+ if (offerInfo.offerStatus != OfferStatus.Virgin && offerInfo.offerStatus != OfferStatus.Canceled) {

revert InvalidOfferStatus();

}

// ... rest of the function ...

}

This change allows offer creators to close both Virgin and Canceled offers, ensuring proper offer lifecycle management and improving

Updates

Lead Judging Commences

0xnevi Lead Judge

10 months ago

0xnevi Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

30,000 USDC

nSLOC

1,229

24 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.