In the `DeliveryPlace.closeBidTaker` function, collateral liquidation does not check whether the `preOffer` is aborted.
Github link
Summary
If the ask offer is settled, the bid taker of the offer receives the point tokens for settled point.
If the offer is aborted before settlement, the offer can't be settled after and the portion of collaterals for bidded points should be liquidated by bid taker.
And only if offer is aborted, collaterals should be liquidated.
But, even if offer is settled, it is available.
As a result, bid taker can receive unexpected collaterals and this causes the protocol's loss of funds.
Vulnerability Details
In the DeliveryPlace.closeBidTaker function, userCollateralFee is calculated using taker's userRemainingPoints from L179 and taker receives userCollateralFee amount of collateral.
But there is no check whether the preOffer is aborted in the function.
As a result, even when the preOffer is settled and not aborted, taker receive the collaterals.
Impact
The bid taker can receive unexpected collaterals and this causes the protocol's loss of funds.
Tools Used
Manual Review
Recommendations
It is recommended to change the code as following:
Lead Judging Commences
finding-PreMarkets-closeBidTaker-lack-check-abort-status-drain
Valid high, for unsettled ask offers by the original maker, the initial remaining maker collateral is already refunded as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L624-L629)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.