Tadle

DeFiFoundry

27,750 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Inability To Recover Unsold Collateral After Token Generation Event

auditweiler

Summary

Strict MarketplaceStatus checks prevent holders of unsold AskOffers to redeem their underlying assets.

Vulnerability Details

Authorities of AskOffers may choose to either cancel or abort transactions via either abortAskOffer or closeOffer, which when satisfied, allow the offer owner to procure their refund.

However, after the token generation event has occurred (e.g. we have entered the AskSettling phase), neither of these functions become possible to execute due to the strict requirements that the MarketplaceStatus is Online:

In closeOffer: https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L428C8-L431C11

In abortAskOffer: https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L579C9-L582C11

Consequently, users who have deposited collateral into the protocol and have unsuccessfully transacted past the token generation event have no recourse to recover their collateral.

PreMarkets.t.sol

function test_abort_turbo_offer_unable_to_recover() public {

vm.startPrank(user);

preMarktes.createOffer(

CreateOfferParams(

marketPlace,

address(mockUSDCToken),

1000,

0.01 * 1e18,

12000,

300,

OfferType.Ask,

OfferSettleType.Turbo

)

);

vm.stopPrank();

address stockAddr = GenerateAddress.generateStockAddress(0);

address offerAddr = GenerateAddress.generateOfferAddress(0);

vm.label(user, "User");

/// @audit assume tge has happened and we have entered the `AskSettling` period.

vm.prank(user1 /* owner */);

systemConfig.updateMarketPlaceStatus("Backpack", MarketPlaceStatus.AskSettling);

/// @audit user who creates offer must abort first (?)

vm.prank(user);

vm.expectRevert(); /// @audit unable_to_refund

preMarktes.abortAskOffer(stockAddr, offerAddr);

vm.prank(user);

vm.expectRevert(); /// @audit unable_to_refund

preMarktes.closeOffer(stockAddr, offerAddr);

}

Impact

Stuck funds.

Tools Used

Manual Review

Recommendations

Permit the remainder of unsuccessfully transacted offer points to be redeemed after the token generation event.

Updates

Lead Judging Commences

0xnevi Lead Judge

about 1 year ago

0xnevi Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

27,750 USDC

nSLOC

1,229

23 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.