Tadle

DeFi
30,000 USDC
Submission Details
Severity: high
Invalid

The `PreMarkets.abortBidTaker` function does not refund collateral for `stockInfo.points` to `preoffer.authority`

Github link

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L645-L697

Summary

The `PreMarkets.abortBidTaker` function refunds the deposited amount for `stockInfo.points` to `stockInfo.authority`.
But it does not refund the collateral for `stockInfo.points` to `preoffer.authority`.
This causes a loss of funds for `preoffer.authority`.

Vulnerability Details

`stockInfo.authority` calls the `PreMarkets.abortBidTaker` function to abort a stock whose preoffer has been aborted.
`preoffer.usedPoints` includes `stockInfo.points`, and aborting the preoffer does not refund the collateral for `usedPoints` to `preoffer.authority`.
The `PreMarkets.abortBidTaker` function also does not refund the collateral for `stockInfo.points` to `preoffer.authority`.
It only refunds the deposited amount for `stockInfo.points` to `stockInfo.authority`.
As a result, `preoffer.authority` does not receive the collateral for the aborted stock.

Impact

This causes a loss of funds for `preoffer.authority`.

Tools Used

Manual Review

Recommendations

Add a mechanism to the `PreMarkets.abortBidTaker` function that refunds the collateral for the aborted stock's `stockInfo.points` to `preoffer.authority`.

Updates

Lead Judging Commences

0xnevi Lead Judge
10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
