Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

Reentrancy in PreMarkets::abortAskOffer can lead to loss of assets/funds

Summary

Reentrancy in PreMarkets.abortAskOffer can lead to loss of funds. External calls are made before the state variables are updated.

```solidity
    ITokenManager tokenManager = tadleFactory.getTokenManager();
@>  tokenManager.addTokenBalance( //@audit external call is made
        TokenBalanceType.MakerRefund,
        _msgSender(),
        makerInfo.tokenAddress,
        makerRefundAmount
    );
    offerInfo.abortOfferStatus = AbortOfferStatus.Aborted; // state variable update
    offerInfo.offerStatus = OfferStatus.Settled;
```

Vulnerability Details

```solidity
function abortAskOffer(address _stock, address _offer) external { //@audit cross-function reentrancy
    StockInfo storage stockInfo = stockInfoMap[_stock];
    OfferInfo storage offerInfo = offerInfoMap[_offer];

    if (offerInfo.authority != _msgSender()) {
        revert Errors.Unauthorized();
    }

    if (stockInfo.offer != _offer) {
        revert InvalidOfferAccount(stockInfo.offer, _offer);
    }

    if (offerInfo.offerType != OfferType.Ask) {
        revert InvalidOfferType(OfferType.Ask, offerInfo.offerType);
    }

    if (offerInfo.abortOfferStatus != AbortOfferStatus.Initialized) {
        revert InvalidAbortOfferStatus(
            AbortOfferStatus.Initialized,
            offerInfo.abortOfferStatus
        );
    }

    if (
        offerInfo.offerStatus != OfferStatus.Virgin &&
        offerInfo.offerStatus != OfferStatus.Canceled
    ) {
        revert InvalidOfferStatus();
    }

    MakerInfo storage makerInfo = makerInfoMap[offerInfo.maker];

    if (
        makerInfo.offerSettleType == OfferSettleType.Turbo &&
        stockInfo.preOffer != address(0x0)
    ) {
        revert InvalidOffer();
    }

    /// @dev market place must be online
    ISystemConfig systemConfig = tadleFactory.getSystemConfig();
    MarketPlaceInfo memory marketPlaceInfo = systemConfig
        .getMarketPlaceInfo(makerInfo.marketPlace);
    marketPlaceInfo.checkMarketPlaceStatus(
        block.timestamp,
        MarketPlaceStatus.Online
    );

    uint256 remainingAmount;
    if (offerInfo.offerStatus == OfferStatus.Virgin) {
        remainingAmount = offerInfo.amount;
    } else {
        remainingAmount = offerInfo.amount.mulDiv(
            offerInfo.usedPoints,
            offerInfo.points,
            Math.Rounding.Floor
        );
    }

    uint256 transferAmount = OfferLibraries.getDepositAmount(
        offerInfo.offerType,
        offerInfo.collateralRate,
        remainingAmount,
        true,
        Math.Rounding.Floor
    );
    uint256 totalUsedAmount = offerInfo.amount.mulDiv(
        offerInfo.usedPoints,
        offerInfo.points,
        Math.Rounding.Ceil
    );
    uint256 totalDepositAmount = OfferLibraries.getDepositAmount(
        offerInfo.offerType,
        offerInfo.collateralRate,
        totalUsedAmount,
        false,
        Math.Rounding.Ceil
    );

    /// @dev update refund amount for offer authority
    uint256 makerRefundAmount;
    if (transferAmount > totalDepositAmount) {
        makerRefundAmount = transferAmount - totalDepositAmount;
    } else {
        makerRefundAmount = 0;
    }

    ITokenManager tokenManager = tadleFactory.getTokenManager(); // @audit external call to `ITokenManager`
@>  tokenManager.addTokenBalance( //@audit external call is made
        TokenBalanceType.MakerRefund,
        _msgSender(),
        makerInfo.tokenAddress,
        makerRefundAmount
    );

    offerInfo.abortOfferStatus = AbortOfferStatus.Aborted; // state variable update
    offerInfo.offerStatus = OfferStatus.Settled;

    emit AbortAskOffer(_offer, _msgSender());
}
```

Impact

Exposes the protocol to a reentrancy attack, causing the protocol to lose assets.

Tools Used

Manual review

Recommendations

You can implement a reentrancy guard
Implement Check-Effects-Interactions (CEI) Pattern
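
The ordering question behind the Summary and the CEI recommendation, as an added Python model that is not part of the submission or of Tadle's code: it compares the call-then-update order shown above with the update-then-call order, against a callee that does and does not call back. The `hook` callback, the `cei` flag, the 100-unit refund and the `credited` helper are hypothetical; the page does not show whether `addTokenBalance` ever hands control back to the caller, which is the condition the result depends on.

```python
class Reverted(Exception):
    """Stands in for a Solidity revert."""

class TokenManager:
    """Hypothetical callee; `hook` models code that runs during the call."""
    def __init__(self):
        self.balance = 0
        self.hook = None          # assumption: not shown on the page

    def add_token_balance(self, amount):
        self.balance += amount
        if self.hook:
            self.hook()

class Offer:
    def __init__(self, token_manager, refund, cei):
        self.tm, self.refund, self.cei = token_manager, refund, cei
        self.abort_status = "Initialized"

    def abort_ask_offer(self):
        if self.abort_status != "Initialized":      # the page's status check
            raise Reverted("InvalidAbortOfferStatus")
        if self.cei:
            self.abort_status = "Aborted"           # effect first
            self.tm.add_token_balance(self.refund)  # interaction last
        else:
            self.tm.add_token_balance(self.refund)  # order shown on the page
            self.abort_status = "Aborted"

def credited(cei, callee_reenters):
    """Total refund credited by one top-level abort of a 100-unit offer."""
    tm = TokenManager()
    offer = Offer(tm, refund=100, cei=cei)
    calls = []

    def reenter():                 # constructed callback, re-enters once
        if not calls:
            calls.append(1)
            try:
                offer.abort_ask_offer()
            except Reverted:
                pass               # nested revert caught by the callee

    if callee_reenters:
        tm.hook = reenter
    offer.abort_ask_offer()
    return tm.balance
```

In this model the two orderings differ only when the callee calls back: the call-then-update order credits the refund twice, while every other combination credits it once.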

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

[invalid] finding-PreMarkets-reentrancy

Invalid, all [vague generalities](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#vague-generalities) talking about possible reentrancies and afaik, reentrancy is not possible and not proven.
