originOfferInfo is not correctly updated due to 'memory' initialization instead of 'storage'
Summary and Vulnerability Details
In tadle market, users can list their offers using following function:
If the offer is created as turbo mode, abortOfferStatus should be set as SubOfferListed:
In here, originOfferInfo initialized at memory instead of storage and updating the status won't change the storage variables.
Impact
Main function misimplementation
Following lines won't be caught because it remains initialized in abortAskOffer() function ( PreMarkets.sol ):
Tools Used
Manual Review
Recommendations
Changing 'memory' indicator to 'storage' will solve the problem
Lead Judging Commences
finding-PreMarkets-listOffer-originIOfferInfo-storage-memory
Valid high severity, because the `abortOfferStatus` of the offer is not updated and persist through `storage` when listing an offer for turbo mode within the `offerInfoMap` mapping, it allows premature abortion given the `abortOfferStatus` defaults to `Initialized`, allowing the bypass of this [check](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L552-L557) here and allow complete refund of initial collateral + stealing of trade tax which can potentially be gamed for profits using multiple addresses
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.