Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Valid

Reselling of points is not compatible with the current settlement process in protected mode, because a reseller's ability to settle depends entirely on the original seller settling first.

Summary

In protected mode every seller, whether original or reseller, has to call settleAskMaker separately. The original seller settles first; the reseller must then close the bid and withdraw the point tokens before they can settle the points for their own buyer, and so on down the chain. settleAskMaker pulls the point tokens from the caller at settlement time, so a reseller cannot settle until the upstream tokens have actually landed in their wallet:

```solidity
// Excerpt from settleAskMaker: the point tokens are pulled from msg.sender,
// so the maker must already hold them when they settle.
if (settledPointTokenAmount > 0) {
    tokenManager.tillIn(
        _msgSender(),
        marketPlaceInfo.tokenAddress,
        settledPointTokenAmount,
        true
    );
}
```

Vulnerability Details

This becomes a problem when the original seller acts maliciously, or simply when there is a long chain of subsequent resellers, because the askSettlement period is limited and every hop in the chain consumes part of it.

Example-

  • Alice sells 1000 points for 1000 USDC with 110% collateral (1100 USDC locked) in protected mode.

  • Bob buys the 1000 points.

  • Bob resells the 1000 points for 1100 USDC with 130% collateral (1430 USDC locked) to attract buyers, hoping to make 100 USDC profit.

  • Alice wants to take Bob's collateral, so she buys Bob's points for 1100 USDC.

  • Alice waits until a few seconds before the settlement period ends, then settles the points for Bob and gets her 1100 USDC collateral back.

  • Bob never gets the chance to settle the points and loses all of his collateral (1430 USDC).

  • Alice closes the bid and receives the 1430 USDC from Bob's collateral.

  • Alice makes a profit of 330 USDC on the buy-back (1430 USDC received minus the 1100 USDC she paid).

This is one example where the original seller acts maliciously to make a profit. There is a second scenario in which the original seller may or may not act intentionally, but still causes all subsequent resellers to lose their collateral.

Example-

  • Alice sells 1000 points for 1000 USDC.

  • Five buyers buy 200 points each.

  • All five buyers resell their 200 points for 400 USDC each with 110% collateral, i.e. each of them locks 440 USDC as collateral.

  • Alice acts maliciously (or is simply late to settle) and settles the points just a few seconds before the askSettlement period is over.

  • Alice successfully settles the points on her side and saves her collateral, but none of the resellers get the chance to settle their points, since the askSettlement period has passed.

  • All five buyers lose 440 USDC each and end up holding the point tokens they intended to resell.
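To make the timing dependency concrete, here is an added Python model of both scenarios above. It is not code from this report or from the Tadle code base. It assumes an integer block clock, a single askSettlement deadline shared by all offers, that a reseller needs at least one more block after the upstream maker settles to withdraw and re-deliver the points, and that an unsettled maker forfeits the whole collateral to the taker while a settled maker recovers collateral plus price. The class and method names (ProtectedMarket, settle_ask_maker, close_bid_taker, finalize) are this example's own.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Offer:
    maker: str
    taker: str
    points: int
    price: int          # USDC the taker pays up front
    collateral: int     # USDC the maker locks (price * collateral rate)
    settled_at: Optional[int] = None
    points_withdrawn: bool = False


class ProtectedMarket:
    """Constructed model: one askSettlement window shared by every offer."""

    def __init__(self, ask_settlement_deadline: int) -> None:
        self.deadline = ask_settlement_deadline
        self.offers: List[Offer] = []
        self.points: Dict[str, int] = {}  # point tokens an account can deliver

    def credit_points(self, who: str, amount: int) -> None:
        """TGE distribution to the original seller (constructed starting state)."""
        self.points[who] = self.points.get(who, 0) + amount

    def open_offer(self, maker: str, taker: str, points: int, price: int, rate_pct: int) -> int:
        self.offers.append(Offer(maker, taker, points, price, price * rate_pct // 100))
        return len(self.offers) - 1

    def settle_ask_maker(self, idx: int, now: int) -> bool:
        """Maker delivers point tokens; fails after the deadline or without the tokens."""
        o = self.offers[idx]
        if now > self.deadline or o.settled_at is not None:
            return False
        if self.points.get(o.maker, 0) < o.points:
            return False  # a reseller has nothing to deliver until upstream settles
        self.points[o.maker] -= o.points
        o.settled_at = now
        return True

    def close_bid_taker(self, idx: int, now: int) -> bool:
        """Taker withdraws delivered points; only possible once the maker has settled."""
        o = self.offers[idx]
        if o.settled_at is None or o.points_withdrawn or now < o.settled_at:
            return False
        o.points_withdrawn = True
        self.points[o.taker] = self.points.get(o.taker, 0) + o.points
        return True

    def finalize(self, now: int) -> Dict[str, int]:
        """USDC paid out after the window (assumed rule: settled maker gets
        collateral + price, unsettled maker forfeits collateral to the taker)."""
        if now <= self.deadline:
            raise ValueError("askSettlement window still open")
        payout: Dict[str, int] = {}
        for o in self.offers:
            if o.settled_at is not None:
                to, amount = o.maker, o.collateral + o.price
            else:
                to, amount = o.taker, o.collateral
            payout[to] = payout.get(to, 0) + amount
        return payout


def scenario_malicious_original_seller(alice_settles_at: int, hop_delay: int = 1) -> Tuple[bool, Dict[str, int]]:
    """Example 1: Alice sells to Bob, buys Bob's resale, settles at the last moment."""
    m = ProtectedMarket(ask_settlement_deadline=100)
    m.credit_points("alice", 1000)
    ask0 = m.open_offer("alice", "bob", 1000, 1000, 110)  # 1100 USDC collateral
    ask1 = m.open_offer("bob", "alice", 1000, 1100, 130)  # 1430 USDC collateral
    assert m.settle_ask_maker(ask0, alice_settles_at)
    later = alice_settles_at + hop_delay  # Bob withdraws, then tries to settle
    m.close_bid_taker(ask0, later)
    bob_settled = m.settle_ask_maker(ask1, later)
    return bob_settled, m.finalize(m.deadline + 1)


def scenario_late_settle_cascade(alice_settles_at: int, resellers: int = 5, hop_delay: int = 1) -> Tuple[List[str], Dict[str, int]]:
    """Example 2: five buyers of 200 points resell for 400 USDC at 110% (440 collateral)."""
    m = ProtectedMarket(ask_settlement_deadline=100)
    m.credit_points("alice", 200 * resellers)
    names = [f"buyer{i}" for i in range(resellers)]
    firsts = [m.open_offer("alice", n, 200, 200, 110) for n in names]
    resales = [m.open_offer(n, f"final{i}", 200, 400, 110) for i, n in enumerate(names)]
    for idx in firsts:
        assert m.settle_ask_maker(idx, alice_settles_at)
    later = alice_settles_at + hop_delay
    penalized = []  # resellers who could not settle before the deadline
    for n, first, resale in zip(names, firsts, resales):
        m.close_bid_taker(first, later)
        if not m.settle_ask_maker(resale, later):
            penalized.append(n)
    return penalized, m.finalize(m.deadline + 1)


if __name__ == "__main__":
    print(scenario_malicious_original_seller(alice_settles_at=100))  # Bob penalized
    print(scenario_malicious_original_seller(alice_settles_at=50))   # Bob settles in time
    print(scenario_late_settle_cascade(alice_settles_at=100))        # all five resellers penalized
```

Running the first scenario with Alice settling on the last block shows Bob's settlement failing and Alice collecting 3530 USDC (her 1100 collateral, Bob's 1000 payment, and Bob's 1430 collateral); settling one block earlier is enough for Bob to deliver and recover 2530 USDC. The second scenario penalizes every reseller at once, because each of them is only one hop behind Alice and that hop lands after the deadline.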

Impact

A malicious original seller can steal a reseller's collateral, or, intentionally or not, cause all of their subsequent resellers to forfeit theirs. Either way the reseller loses funds.

Impact: high, since there is a direct loss of funds.
Likelihood: high, since this can happen even unintentionally.

Tools Used

Manual review

Recommendations

Implement a one click settlement process similar to the one used in turbo mode.

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

[invalid] finding-DeliveryPlace-owner-do-not-call-settleAskMaker

Invalid. The makers are incentivized to settle offers to earn maker bonuses when subsequent takers and makers make trades using the original collateral put up for points, as well as to get back their initial collateral. Additionally, if they do not settle on time, they will lose all their initial collateral, forcing the `owner` to come in and perform the settlement and retrieve that collateral. This is noted as a design decision [here](https://tadle.gitbook.io/tadle/how-tadle-works/features-and-terminologies/settlement-and-collateral-rate). If all else fails, the `owner` can come in to settle as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L254-L256) and [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L365-L367) offers to allow closing offers and subsequently allowing refunds. I acknowledge that perhaps a more decentralized

Appeal created

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-last-minute-settle-cascade-collateral-penalize

See details in issue #821 comments
