Submission Details
Severity:
``settleAskMaker()`` doesn't credit the ``offerInfo.authority`` ``settledPointTokenAmount``.
Summary
settleAskMaker() doesn't credit the offerInfo.authority settledPointTokenAmount.
Vulnerability Details
In the settleAskMaker()function, if settledPointTokenAmount > 0,
function settleAskMaker(address _offer, uint256 _settledPoints) external {
--SNIP--
if (settledPointTokenAmount > 0) {
tokenManager.tillIn(_msgSender(), marketPlaceInfo.tokenAddress, settledPointTokenAmount, true);
}
--SNIP--
}
Only, the msg.sender transfers settledPointTokenAmount to capital pool but the offerInfo.authority is never credited like in settleAskTaker():
function settleAskTaker(address _stock, uint256 _settledPoints) external {
--SNIP--
if (settledPointTokenAmount > 0) {
tokenManager.tillIn(_msgSender(), marketPlaceInfo.tokenAddress, settledPointTokenAmount, true);
tokenManager.addTokenBalance(
TokenBalanceType.PointToken, offerInfo.authority, makerInfo.tokenAddress, settledPointTokenAmount
);
}
--SNIP--
}
Impact
offerInfo.authority loses settledPointTokenAmount.
Tools Used
Manual Analysis
Recommendations
Add this:
tokenManager.addTokenBalance(
TokenBalanceType.PointToken, offerInfo.authority, makerInfo.tokenAddress, settledPointTokenAmount
);
to settleAskMaker if settledPointTokenAmount > 0.
Prize pool breakdown
Total prize
27,750 USDC
nSLOC
1,22923 USDC / LOC
25,000 USDC
2,750 USDC
2,250 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.