Talentir Token & Marketplace
Summary
The Talentir Marketplace is for content creators to publish tokens representing their media and for their fans to trade them. The tokens that can be minted on the Talentir platform conform to the ERC-1155 standard so that creators can release multiple copies of the same token. This results in a marketplace that combines elements of fungible and non-fungible marketplaces. The DEX is designed as an order book where users specify a price that gets executed whenever a willing counter-party submits the other side of the order. The order book is a tuple consisting of a RB-tree whose nodes represent the prices and a mapping that takes a price to a linked list of orders that were submitted at that price level. One high severity issue was found involving insecure use of the methods in this data structure (TAL-1). Overall the code is well-written and the NatSpec and documentation helped clarify the inner workings of the code. Most of the critical findings center around the external calls made in order to transfer ether. There are many opportunities that can lead to malicious users degrading or denying protocol service using these external calls (TAL-2). However, these can be mitigated by implementing a withdrawal pattern. UPDATE: The team has addressed all the relevant issues or acknowledged and clarified them.
