Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Unbounded Settlement Period in `SystemConfig::updateMarket`

Summary

The `SystemConfig::updateMarket` function allows setting settlement periods outside the intended 24-72 hour range, contradicting the documentation and potentially causing issues for users.

From the docs:

> Once the project tokens are released, the settlement deadline will count down for 24 hours up to 72 hours (depending on the users offer details)

Vulnerability Details

In `SystemConfig::updateMarket`, there is no validation that the `_settlementPeriod` parameter falls within the 24-72 hour range specified in the documentation. Because of this missing check, the function accepts an arbitrary settlement period, including values far below or above the documented window.

Impact

Two problematic cases arise:

  1. Too Short Settlement Period: If set unrealistically low, sellers may face penalties due to insufficient time to settle.

  2. Too Long Settlement Period: If set extremely high, it could allow sellers to indefinitely delay settlement, potentially griefing buyers.

PoC:

```solidity
function test_invalidSettlementPeriod() public {
    vm.startPrank(user);
    preMarktes.createOffer(
        CreateOfferParams(
            marketPlace,
            address(mockUSDCToken),
            1000,
            0.01 * 1e18,
            12000,
            300,
            OfferType.Ask,
            OfferSettleType.Turbo
        )
    );
    vm.stopPrank();

    // 1 hours == 3600 seconds, far below the documented 24-hour minimum; the call succeeds
    vm.prank(user1);
    systemConfig.updateMarket(
        "Backpack",              // marketplace name
        address(mockPointToken), // token address
        0.01 * 1e18,             // token per point
        block.timestamp - 1,     // tge
        1 hours                  // settlement period
    );
    (, , , , , uint256 settlementPeriod1) = systemConfig.marketPlaceInfoMap(marketPlace);

    // 73 hours is above the documented 72-hour maximum; the call also succeeds
    vm.prank(user1);
    systemConfig.updateMarket(
        "Backpack",              // marketplace name
        address(mockPointToken), // token address
        0.01 * 1e18,             // token per point
        block.timestamp - 1,     // tge
        73 hours                 // settlement period
    );
    (, , , , , uint256 settlementPeriod2) = systemConfig.marketPlaceInfoMap(marketPlace);

    console.log("Settlement Period:", settlementPeriod1);
    console.log("Settlement Period:", settlementPeriod2);
}
```

Tools Used

Foundry

Recommendations

Add a check that `_settlementPeriod` is within 24-72 hours, reverting with a custom error otherwise:

```diff
+ error InvalidSettlementPeriod();

function updateMarket(
    string calldata _marketPlaceName,
    address _tokenAddress,
    uint256 _tokenPerPoint,
    uint256 _tge,
    uint256 _settlementPeriod
) external onlyOwner {
    address marketPlace = GenerateAddress.generateMarketPlaceAddress(
        _marketPlaceName
    );
    MarketPlaceInfo storage marketPlaceInfo = marketPlaceInfoMap[
        marketPlace
    ];
    // @audit - missing check for settlementPeriod of 24-72 hours
    if (marketPlaceInfo.status != MarketPlaceStatus.Online) {
        revert MarketPlaceNotOnline(marketPlaceInfo.status);
    }
+   if (_settlementPeriod < 24 hours || _settlementPeriod > 72 hours) {
+       revert InvalidSettlementPeriod();
+   }
    // .. OTHER CODE .. //
```
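The following is an added example, not code from the Tadle repository or from this submission: a minimal stand-in for the market-update path with the recommended bounds check, plus Foundry tests that pin the behaviour down, including a fuzz test over the whole `uint256` range. The contract name `SettlementConfigExample`, the function `updateSettlementPeriod`, the `settlementPeriodOf` mapping and the `MIN_/MAX_SETTLEMENT_PERIOD` constants are hypothetical names chosen for this example; only the 24-72 hour window and the custom-error pattern come from the finding above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the market update path (not Tadle's SystemConfig).
/// Only the settlement-period bound is modelled; every other field is omitted.
contract SettlementConfigExample {
    uint256 public constant MIN_SETTLEMENT_PERIOD = 24 hours; // documented lower bound
    uint256 public constant MAX_SETTLEMENT_PERIOD = 72 hours; // documented upper bound

    error InvalidSettlementPeriod(uint256 provided);
    error NotOwner();

    address public immutable owner;
    // market name hash => settlement period in seconds
    mapping(bytes32 => uint256) public settlementPeriodOf;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Hardened setter: any period outside the documented window is rejected
    /// before state is written, so a mis-typed or malicious value cannot land.
    function updateSettlementPeriod(string calldata marketName, uint256 settlementPeriod)
        external
        onlyOwner
    {
        if (settlementPeriod < MIN_SETTLEMENT_PERIOD || settlementPeriod > MAX_SETTLEMENT_PERIOD) {
            revert InvalidSettlementPeriod(settlementPeriod);
        }
        settlementPeriodOf[keccak256(bytes(marketName))] = settlementPeriod;
    }
}

contract SettlementConfigExampleTest is Test {
    SettlementConfigExample cfg;
    bytes32 constant MARKET = keccak256("Backpack"); // constructed sample market name

    function setUp() public {
        cfg = new SettlementConfigExample(); // the test contract becomes the owner
    }

    /// The two values from the PoC above are now rejected instead of stored.
    function test_rejectsTooShort() public {
        vm.expectRevert(
            abi.encodeWithSelector(SettlementConfigExample.InvalidSettlementPeriod.selector, 1 hours)
        );
        cfg.updateSettlementPeriod("Backpack", 1 hours);
    }

    function test_rejectsTooLong() public {
        vm.expectRevert(
            abi.encodeWithSelector(SettlementConfigExample.InvalidSettlementPeriod.selector, 73 hours)
        );
        cfg.updateSettlementPeriod("Backpack", 73 hours);
    }

    /// Both edges of the documented window are inclusive and must be accepted.
    function test_acceptsBounds() public {
        cfg.updateSettlementPeriod("Backpack", 24 hours);
        assertEq(cfg.settlementPeriodOf(MARKET), 24 hours);
        cfg.updateSettlementPeriod("Backpack", 72 hours);
        assertEq(cfg.settlementPeriodOf(MARKET), 72 hours);
    }

    /// Fuzz: every in-range value is stored, every out-of-range value reverts.
    function testFuzz_bounds(uint256 period) public {
        bool inRange = period >= 24 hours && period <= 72 hours;
        if (!inRange) {
            vm.expectRevert(
                abi.encodeWithSelector(SettlementConfigExample.InvalidSettlementPeriod.selector, period)
            );
        }
        cfg.updateSettlementPeriod("Backpack", period);
        if (inRange) {
            assertEq(cfg.settlementPeriodOf(MARKET), period);
        }
    }
}
```

Run it with `forge test --match-contract SettlementConfigExampleTest`. Emitting the offending value in the custom error costs nothing extra on the happy path and makes a rejected admin transaction self-explanatory in the trace, which is what an operator wants when a deployment script passes seconds where hours were intended.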
Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-Admin-Errors-Malicious

The following issues and their duplicates are invalid as admin errors/input validation/malicious intents are generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally admins are trusted as noted in the README; they can break certain assumptions of the code based on their actions, and
