Users can create undercollateralized positions in Turbo mode
Summary
The original ASK offer maker can abort their offer AFTER it's relisted by a taker, resulting in undercollateralized positions.
Vulnerability Details
In Turbo Mode, the original seller deposits crypto as collateral, enabling subsequent traders to buy and sell points without additional collateral.
For the previous reason, it shouldn't be possible to abort a turbo offer after it's relisted, so the abort status is set to: AbortOfferStatus.SubOfferListed.
The issue is that this is done only in memory so the abortOfferStatus remains the same:
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L337
This allows the original offer to abort after a relist in abortAskOffer:
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L552
Impact
Impact: High (Undercollateralized positions and bad debt)
Likelihood: High (No preconditions)
Risk: Critical
Tools Used
Manual review
Recommendations
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L337
Lead Judging Commences
finding-PreMarkets-listOffer-originIOfferInfo-storage-memory
Valid high severity, because the `abortOfferStatus` of the offer is not updated and persist through `storage` when listing an offer for turbo mode within the `offerInfoMap` mapping, it allows premature abortion given the `abortOfferStatus` defaults to `Initialized`, allowing the bypass of this [check](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L552-L557) here and allow complete refund of initial collateral + stealing of trade tax which can potentially be gamed for profits using multiple addresses
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.