`DeliveryPlace.closeBidTaker()` and `settleAskTaker()` use wrong token addresses.
Summary
closeBidTaker() and settleAskTaker() use the makerInfo.tokenAddress as a point token address which is incorrect.
Vulnerability Details
In closeBidTaker() and settleAskTaker(), we increase point token amount but use an incorrect token address.
makerInfo.tokenAddress means a collateral token and marketPlaceInfo.tokenAddress should be used instead.
Impact
User's point token balances wouldn't be increased correctly because closeBidTaker() and settleAskTaker() increase the collateral balances instead.
Tools Used
Manual Review
Recommendations
closeBidTaker() and settleAskTaker() should use marketPlaceInfo.tokenAddress instead of makerInfo.tokenAddress.
Lead Judging Commences
finding-DeliveryPlace-settleAskTaker-closeBidTaker-wrong-makerinfo-token-address-addToken-balance
Valid high severity, In `settleAskTaker/closeBidTaker`, by assigning collateral token to user balance instead of point token, if collateral token is worth more than point, this can cause stealing of other users collateral tokens within the CapitalPool contract, If the opposite occurs, user loses funds based on the points they are supposed to receive
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.