`DeliveryPlace::closeBidTaker` and `DeliveryPlace::settleAskTaker` deposit the point token under the wrong token address. Point tokens are deposited under `makerInfo.tokenAddress` (which is the token used to trade points) instead of `marketPlaceInfo.tokenAddress`, which is the actual address of the point token.
As seen in both
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L195-L200 and
https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L384-L389,
the point token is deposited under `makerInfo.tokenAddress` instead of `marketPlaceInfo.tokenAddress`, which is the actual address of the point token.
Hence it would be impossible for users to withdraw their point tokens.
HIGH - Misplacement of user's funds
Manual Review
Replace `makerInfo.tokenAddress` with `marketPlaceInfo.tokenAddress` in both cases.
Valid high severity. In `settleAskTaker/closeBidTaker`, by assigning collateral token to user balance instead of point token, if collateral token is worth more than point, this can cause stealing of other users' collateral tokens within the CapitalPool contract. If the opposite occurs, user loses funds based on the points they are supposed to receive.
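The mis-keyed credit described above can be reproduced in a small Python model with a post-settlement regression check. This is an added example, not the Tadle contracts' code; the `Ledger` class, the function names, the placeholder addresses and the amounts are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed placeholder addresses, not real contract addresses.
COLLATERAL = "COLLATERAL_TOKEN_ADDR"  # stands in for makerInfo.tokenAddress
POINT = "POINT_TOKEN_ADDR"            # stands in for marketPlaceInfo.tokenAddress

class Ledger:
    """Simplified model (assumption): claimable balances keyed by (user, token)."""
    def __init__(self, pool):
        self.claimable = defaultdict(int)
        self.pool = dict(pool)  # tokens actually held, including other users' collateral

    def credit(self, user, token, amount):
        self.claimable[(user, token)] += amount

    def withdraw(self, user, token):
        amount = self.claimable.pop((user, token), 0)
        if self.pool.get(token, 0) < amount:
            raise RuntimeError("pool underfunded for " + token)
        self.pool[token] = self.pool.get(token, 0) - amount
        return amount

def settle(ledger, user, points, fixed):
    # Reported behaviour keys the credit by the collateral address;
    # the recommended fix keys it by the point token address.
    ledger.credit(user, POINT if fixed else COLLATERAL, points)

def check_settlement(ledger, user, points):
    """Regression check to run right after settlement; returns a list of problems."""
    problems = []
    if ledger.claimable[(user, POINT)] != points:
        problems.append("points not claimable under point token address")
    if ledger.claimable[(user, COLLATERAL)] != 0:
        problems.append("points credited against collateral token address")
    return problems

def run(fixed):
    ledger = Ledger({COLLATERAL: 1000, POINT: 50})  # constructed pool contents
    settle(ledger, "taker", 50, fixed)
    problems = check_settlement(ledger, "taker", 50)
    got_points = ledger.withdraw("taker", POINT)
    got_collateral = ledger.withdraw("taker", COLLATERAL)
    return problems, got_points, got_collateral

if __name__ == "__main__":
    print("as reported:", run(fixed=False))
    print("with fix:   ", run(fixed=True))
```

The same two assertions (expected points claimable under the point token address, no change under the collateral token address) translate directly into a contract-level test for both `closeBidTaker` and `settleAskTaker`.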