Tadle

Summary

The settleAskMaker and settleAskTaker functions incorrectly revert when marketPlaceInfo.fixedratio is true. This flaw prevents the correct calculation and distribution of rewards when fixedratio is set to true, which is supposed to enable airdropping tokens based on points held.

Vulnerability Details

The marketPlaceInfo.fixedratio flag is intended to trigger the distribution of tokens proportional to the points held by users, calculated as marketPlaceInfo.tokenPerPoint * _settledPoints. However, in both the settleAskMaker and settleAskTaker functions, there is a conditional check:

This logic is incorrect. The functions should only revert if fixedratio is false, as the true condition indicates that the rewards should be distributed according to the points held by users. As it currently stands, when fixedratio is true, the functions revert and prevent the intended token distribution, disrupting the reward mechanism.

Impact

This issue directly impacts the ability of the platform to properly execute its reward distribution logic when fixedratio is set to true. Users expecting rewards proportional to their points may not receive them.

Tools Used

Manual Code Review

Recommendations

Correct the Conditional Logic: The logic in the settleAskMaker and settleAskTaker functions should be updated to revert when fixedratio is false, not when it is true. The corrected logic should look like this:

This change will ensure that when fixedratio is true, the correct reward distribution calculation is performed, allowing tokens to be airdropped according to the points held by users, as intended by the system design.