Dos on `DeliveryPlace::settleAskTaker` due to wrong sender validation
Summary
DeliveryPlace::settleAskTaker requires the caller to be OfferInfo.authority instead of the stockInfo.authority ,as a result the AskTaker(i.e. stockInfo.authority) will be unable to settle.
Vulnerability Details
DeliveryPlace::settleAskTaker requires the caller to be OfferInfo.authority instead of the stockInfo.authority code - https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L360-L364
The stockInfo.authority will be unable to settle their stock.
Impact
HIGH - DOS on settling , Ask taker will not be able to recover deposited funds
Tools Used
Manual Review
Recommendations
Replace offerInfo.authority with stockInfo.authority
Lead Judging Commences
finding-PreMarkets-settleAskTaker-wrong-stock-authority
Valid high severity, when taker offers are created pointing to a `offer`, the relevant `stockInfoMap` offers are created with the owner of the offer aka `authority`, set as the creater of the offer, as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L245). Because of the wrong check within settleAskTaker, it will permanently DoS the final settlement functionality for taker offers for the maker that listed the original offer, essentially bricking the whole functionality of the market i.e. maker will always get refunded the original collateral, and takers will never be able to transact the original points put up by the maker. This occurs regardless of market mode.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.