User funds will be stuck if maker does not settle and admin key is compromised/lost
Summary
If an ASK offer Maker fails to settle, the BID Taker should be entitled to receive a portion of the collateral provided by the Maker. However, the current implementation relies entirely on the Admin to settle on behalf of the Maker, meaning the Taker cannot withdraw their funds until the Admin intervenes. While the Admin role is trusted, this approach poses a risk. Implementing a mechanism that allows users to withdraw their funds automatically after a certain period would enhance the trustless nature of the system and mitigate risks associated with a compromised Admin.
Vulnerability Details
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L222
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L96
If Makers do not settle, it is expected that settleAskMaker() in DeliveryPlace.sol will be called by the Admin in order for the Taker to be able to call closeBidTaker() in the same file.
Following test case shows the expected workflow:
NOTE: need to add deal(user2, 100000000 * 10 ** 18); in setUp()
Impact
If the Maker does not settle on time, user funds are entirely dependent on the Admin to settle. In the event of compromised or lost Admin keys, user funds could be permanently locked. This approach undermines the principles of decentralization and a trustless system.
Tools Used
Manual review, Foundry.
Recommendations
Consider implementing a mechanism that allows Takers to withdraw their funds without relying on the Admin if they don't receive their point tokens. For example, you could add a check inside closeBidTaker() to verify if the settlement period has expired and the Maker has not settled. If so, Takers should be allowed to withdraw their funds automatically after that period. This would ensure that users are not left waiting indefinitely for settlement and enhance the protocol's decentralization and trustlessness.
Lead Judging Commences
[invalid] finding-DeliveryPlace-owner-do-not-call-settleAskMaker
Invalid, the makers are incentivized to settle offers to earn maker bonuses when subsequent takers and makers make trade using the original collateral put up for points as well as get back their initial collateral. Additionally, if they do not settle on time, they will lose all their initial collateral, forcing the `owner` to come in and perform the settlement and retrieving that collateral. This is noted as a design decision [here](https://tadle.gitbook.io/tadle/how-tadle-works/features-and-terminologies/settlement-and-collateral-rate) If all else fails, the `owner` can come in to settle as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L254-L256) and [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L365-L367) offers to allow closing offers and subsequently allowing refunds. I acknowledge that perhaps a more decentralized
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.