The funds of ask maker order can be locked by wrong settled points
Summary
After call DeliveryPlace contract's settleAskMaker() with settled points which is not same as offer's usedPoints, the funds of ask maker will be locked.
Vulnerability Details
When ask maker calls settleAskMaker(), as you see in the code line(https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L276), if the _settledPoints is not same as offerInfo.usedPoints, the make refund will not set in the userTokenBalance(https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L276-L299). Therefore after this concerned project is settled, the maker couldn't withdraw his token with wrong _settledPoints parameter.
Tools Used
Manual review
Recommendations
_settledPoints must be same as offer's usedPoints. Update the code line(https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L230) to below.
Lead Judging Commences
finding-DeliveryPlace-settleAskTaker-closeBidTaker-wrong-makerinfo-token-address-addToken-balance
Valid high severity, In `settleAskTaker/closeBidTaker`, by assigning collateral token to user balance instead of point token, if collateral token is worth more than point, this can cause stealing of other users collateral tokens within the CapitalPool contract, If the opposite occurs, user loses funds based on the points they are supposed to receive
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.