Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: high
Invalid

Token Whitelisting Changes Will Cause Settlement Reverts

Summary

When a user calls listOffer, createOffer, or createTaker, the collateral token is transferred into capitalPoolAddr. If an admin later removes that token from the whitelist, settleAskMaker and settleAskTaker revert for every open offer that uses it: both settle through tillIn, whose onlyInTokenWhiteList modifier rejects tokens that are no longer whitelisted, even though the original deposit for the offer was accepted while the token was valid.

Vulnerability Details

Both settleAskMaker, which settles offers made by sellers (makers), and settleAskTaker, which settles offers accepted by buyers (takers), deposit the settlement tokens through tillIn, and tillIn re-checks the whitelist on every call. The relevant part of settleAskMaker:

function settleAskMaker(address _offer, uint256 _settledPoints) external {
    ...
    uint256 settledPointTokenAmount = marketPlaceInfo.tokenPerPoint * _settledPoints;
    ITokenManager tokenManager = tadleFactory.getTokenManager();
    if (settledPointTokenAmount > 0) {
        tokenManager.tillIn(
            _msgSender(),
            marketPlaceInfo.tokenAddress,
            settledPointTokenAmount,
            true
        );
    }
    ...
}

tillIn is gated by the onlyInTokenWhiteList modifier, so a deposit of a token that is not currently whitelisted reverts:

function tillIn(
    address _accountAddress,
    address _tokenAddress,
    uint256 _amount,
    bool _isPointToken
) external payable
    onlyRelatedContracts(tadleFactory, _msgSender())
@>  onlyInTokenWhiteList(_isPointToken, _tokenAddress) {
    ...
}

Once the token is delisted, every call to settleAskMaker or settleAskTaker for an offer in that token reverts inside tillIn, regardless of when the offer was created or how much collateral for it is already held in capitalPoolAddr.

Impact

If a token is removed from the whitelist while offers in it are still open, settleAskMaker and settleAskTaker revert, so those offers cannot be settled. Settlement stays blocked until the admin re-whitelists the token, leaving the collateral already deposited in capitalPoolAddr and the corresponding points unresolved, with potential loss of funds or points for the affected makers and takers.

Tools Used

Manual review

Recommendations

Ensure that whitelist changes cannot strand offers that were opened while the token was valid. Options include:

  • snapshotting the token's whitelisted status when an offer is created, or applying a grace period after delisting, so that existing offers can still settle while new offers in the token are refused;

  • exposing a dedicated function for unwinding or refunding offers in a delisted token, so that collateral already in capitalPoolAddr is not locked;

  • emitting events or otherwise notifying users when a whitelist change affects their open offers.
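The following contract is an added illustration written for this write-up, not Tadle's code. It reproduces the reported shape in miniature (an offer deposit gated by a live whitelist, and a later settlement deposit that re-applies the same check) and shows the grace-period mitigation from the recommendations above: setTokenWhiteList records when a token was delisted, and the hardened settlement path accepts the token while it is either whitelisted or inside that window. All names (WhitelistedSettlement, openOffer, settleVulnerable, settleHardened, DELIST_GRACE) and the 7-day grace value are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token manager for this write-up; not Tadle's code.
// Deposits are gated by a live whitelist, and a later settlement deposits again.
// The hardened path lets existing offers settle for DELIST_GRACE after a delisting.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract WhitelistedSettlement {
    uint256 public constant DELIST_GRACE = 7 days; // assumed value

    address public immutable admin;
    address public immutable capitalPool;

    mapping(address => bool) public tokenWhiteList;
    // block.timestamp of the last removal from the whitelist (0 = never removed)
    mapping(address => uint256) public delistedAt;

    struct Offer {
        address maker;
        address token;
        uint256 collateral;
        bool settled;
    }
    mapping(uint256 => Offer) public offers;
    uint256 public nextOfferId;

    error NotAdmin();
    error TokenNotWhitelisted(address token);
    error NotMaker();
    error AlreadySettled();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    // Live check: correct when opening a new position.
    modifier onlyInTokenWhiteList(address token) {
        if (!tokenWhiteList[token]) revert TokenNotWhitelisted(token);
        _;
    }

    // Relaxed check for unwinding an existing position: whitelisted now,
    // or delisted less than DELIST_GRACE ago.
    modifier onlyWhitelistedOrInGrace(address token) {
        bool inGrace = delistedAt[token] != 0 && block.timestamp < delistedAt[token] + DELIST_GRACE;
        if (!tokenWhiteList[token] && !inGrace) revert TokenNotWhitelisted(token);
        _;
    }

    constructor(address _capitalPool) {
        admin = msg.sender;
        capitalPool = _capitalPool;
    }

    function setTokenWhiteList(address token, bool allowed) external onlyAdmin {
        // Record only a true -> false transition so the grace window starts at delisting.
        if (tokenWhiteList[token] && !allowed) delistedAt[token] = block.timestamp;
        tokenWhiteList[token] = allowed;
    }

    // Counterpart of listOffer/createOffer: collateral is pulled into the capital pool.
    function openOffer(address token, uint256 collateral)
        external
        onlyInTokenWhiteList(token)
        returns (uint256 id)
    {
        require(IERC20(token).transferFrom(msg.sender, capitalPool, collateral), "transfer failed");
        id = nextOfferId++;
        offers[id] = Offer({maker: msg.sender, token: token, collateral: collateral, settled: false});
    }

    // Counterpart of settleAskMaker as reported: the live whitelist is applied
    // again, so an offer opened before a delisting can never be settled.
    function settleVulnerable(uint256 id, uint256 settleAmount)
        external
        onlyInTokenWhiteList(offers[id].token)
    {
        _settle(id, settleAmount);
    }

    // Hardened settlement: the existing offer already proves the token was accepted,
    // so the delisting only needs to be recent enough to fall inside the grace window.
    function settleHardened(uint256 id, uint256 settleAmount)
        external
        onlyWhitelistedOrInGrace(offers[id].token)
    {
        _settle(id, settleAmount);
    }

    function _settle(uint256 id, uint256 settleAmount) internal {
        Offer storage o = offers[id];
        if (msg.sender != o.maker) revert NotMaker();
        if (o.settled) revert AlreadySettled();
        o.settled = true;
        require(IERC20(o.token).transferFrom(msg.sender, capitalPool, settleAmount), "transfer failed");
    }
}
```

To reproduce the report against this toy: whitelist a token, call openOffer, delist the token with setTokenWhiteList(token, false), and observe that settleVulnerable reverts with TokenNotWhitelisted while settleHardened succeeds until DELIST_GRACE has elapsed. The grace window is a policy choice; a snapshot of the whitelist status stored in the Offer struct at creation, or an explicit refund path for delisted tokens, closes the same gap without a time bound.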

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

namx05 Submitter
about 1 year ago
0xnevi Lead Judge
about 1 year ago
namx05 Submitter
about 1 year ago
0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
