The settleAskTaker function contains a bug where the token address used to add the token balance is incorrect. Specifically, the code mistakenly uses makerInfo.tokenAddress instead of the correct marketPlaceInfo.tokenAddress when adding the token balance to the authority of the offer.
The function incorrectly uses makerInfo.tokenAddress instead of marketPlaceInfo.tokenAddress when adding the token balance to the authority of the offer. This results in the wrong token being credited, which can lead to significant inconsistencies in token balances and loss of funds if makerInfo.tokenAddress is more valuable than marketPlaceInfo.tokenAddress.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/DeliveryPlace.sol#L376-L390
Using the incorrect token address in the settleAskTaker function can lead to significant loss of funds for the protocol if makerInfo.tokenAddress is more valuable than marketPlaceInfo.tokenAddress.
Manual review
Replace makerInfo.tokenAddress with marketPlaceInfo.tokenAddress to ensure that the correct token is credited to the authority of the offer.
Valid high severity. In `settleAskTaker/closeBidTaker`, by assigning collateral token to user balance instead of point token, if collateral token is worth more than point, this can cause stealing of other users' collateral tokens within the CapitalPool contract. If the opposite occurs, user loses funds based on the points they are supposed to receive.
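The accounting effect of the wrong token key, as an added example that is not code from the Tadle repository: a simplified ledger model with the credit described in the finding next to the recommended one, plus a solvency invariant that tells them apart. Only the field names `makerInfo.tokenAddress` and `marketPlaceInfo.tokenAddress` come from the finding; the contract, its functions and the assumption that settlement delivers point tokens into the pool are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this note, NOT the Tadle contracts. Only the
// field names makerInfo.tokenAddress and marketPlaceInfo.tokenAddress come
// from the finding; every other name is hypothetical.
contract SettleCreditModel {
    struct MakerInfo { address tokenAddress; }       // collateral token
    struct MarketPlaceInfo { address tokenAddress; } // point token
    MakerInfo internal makerInfo;
    MarketPlaceInfo internal marketPlaceInfo;
    mapping(address => mapping(address => uint256)) public claimable; // user => token => amount
    mapping(address => uint256) public totalClaims; // token => sum of all credits
    mapping(address => uint256) public poolHolds;   // token => amount held (stand-in for ERC-20 balances)

    constructor(address collateralToken, address pointToken) {
        makerInfo = MakerInfo(collateralToken);
        marketPlaceInfo = MarketPlaceInfo(pointToken);
    }

    function _credit(address user, address token, uint256 amount) internal {
        claimable[user][token] += amount;
        totalClaims[token] += amount;
    }

    // Another user locks collateral: the pool receives it and owes it back.
    function depositCollateral(uint256 amount) external {
        poolHolds[makerInfo.tokenAddress] += amount;
        _credit(msg.sender, makerInfo.tokenAddress, amount);
    }

    // Behaviour the finding describes: point tokens arrive, but the offer
    // authority is credited under the collateral token address.
    function settleBuggy(address authority, uint256 pointAmount) external {
        poolHolds[marketPlaceInfo.tokenAddress] += pointAmount; // assumed: settlement delivers point tokens
        _credit(authority, makerInfo.tokenAddress, pointAmount);
    }

    // Recommended fix: credit the token that was actually delivered.
    function settleFixed(address authority, uint256 pointAmount) external {
        poolHolds[marketPlaceInfo.tokenAddress] += pointAmount;
        _credit(authority, marketPlaceInfo.tokenAddress, pointAmount);
    }

    // Solvency invariant: claims on a token never exceed what the pool holds.
    function solvent(address token) external view returns (bool) {
        return totalClaims[token] <= poolHolds[token];
    }
}
```

After `depositCollateral(100)` and `settleBuggy(authority, 50)`, `solvent(collateralToken)` returns false because 150 is claimable against 100 held; with `settleFixed` the invariant holds for both tokens. The same per-token check works as an invariant test against any settlement path that credits balances.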