Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Invalid

DoS vulnerability when creating a new marketplace in protocol

Summary

A DoS can be triggered when a user makes an offer right after the market is created. If it is false, an offer that is not the initial one can't be executed because of the token whitelist. The token whitelist function is separate from the createMarketPlace function, which can cause unexpected impacts.

Vulnerability Details

// source: ./src/core/PreMarkets.sol::listOffer
    ITokenManager tokenManager = tadleFactory.getTokenManager();
    tokenManager.tillIn{value: msg.value}(
        _msgSender(),
        makerInfo.tokenAddress,
        transferAmount,
        false // This looks like it will revert? If the token is not whitelisted, it always reverts.
        // A centralization problem can arise.
    );
}

Impact

If the whitelistToken is not updated right after the market has opened, a DoS against users will be triggered.

Tools Used

VS Code, Foundry

Recommendations


Short term: putting the whitelist token update logic inside the market-making code is highly recommended, if possible.
Example code:

function createMarketPlace(string calldata _marketPlaceName, bool _fixedratio, bool addwhitelisttoken)
...
    // Use the additional code and parameters to maximize protocol management.
    if (addwhitelisttoken) {
        tokenManager.updateTokenWhiteListed(tokenAddressList, true);
    }

Long term: modify the logic pattern with the if check and the parameters that can sort out the whitelist addition.

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
