Offer maker can take tax money and abort it before it can be completed
Summary
Anyone can call createOffer , set collateralRatio to 100%, wait for people to take his offer. And abort it just in the right time collecting creator collateral and the taxes.
Vulnerability Details
Offer maker is collecting taxes, when people are taking from his offer. In Protected mode, offer maker might abort anytime. In Turbo mode he has to take in mind, is that he cannot allow anyone to list his own offer, because that would set abortOfferStatus to SubOfferListed. So he won't be able to abort it later.
But he can watch memepool for listOffer, and sandwitch it with closeOffer and relistOffer or even just frontrun it with abortAskOffer
Impact
That person steals money from other (taxes which they are paying)
But more important is that once this bug becomes more popular, the app will become useless because every offer you're sighing for could be revoked as more people see the chance to make easy money.
Tools Used
Manula Review
Recommendations
Probably offer maker should receive a tax reward at settlement. So you cannot abort the offer if you want to get it.
Lead Judging Commences
finding-PreMarkets-listOffer-collateralRate-manipulate
Valid high severity, because the collateral rate utilized when creating an offer is stale and retrieved from a previously set collateral rate, it allows possible manipilation of refund amounts using an inflated collateral rate to drain funds from the CapitalPool contract
Appeal created
finding-PreMarkets-immediate-withdrawal-allow-maker-steal-funds
Valid high severity, given orginal offer makers are not a trusted entity to enforce a settlement. The trade tax set by the maker should be returned back to the takers to avoid abuse of abortion of ask offers to steal trade tax from takers. Note for appeals period: See issue #528 for additional details
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.