The `DeliveryPlace.settleAskTaker` function incorrectly checks that `msg.sender` is `offerInfo.authority` instead of `stockInfo.authority`.

In the `DeliveryPlace.settleAskTaker` function, `msg.sender` transfers `settledPointTokenAmount` point tokens to the capital pool and the function adds the point tokens to `offerInfo.authority`.

If `status == MarketPlaceStatus.AskSettling`, this function checks that `msg.sender` is `offerInfo.authority` instead of `stockInfo.authority` from L361.

`stockInfo.authority` can't settle his own Ask taker orders.
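The authorization check described above, next to its corrected form, as an added example that is not taken from the Tadle source or from the submitter's patch. The contract name, storage layout, constructor and the `pointsCredited` ledger are assumptions made for illustration; only the identifiers quoted in the report are real.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed model for illustration; NOT the Tadle source. Only the names
// settleAskTaker, MarketPlaceStatus.AskSettling, offerInfo.authority and
// stockInfo.authority come from the report. Everything else is assumed.
contract SettleAskTakerModel {
    enum MarketPlaceStatus { Online, AskSettling }

    struct OfferInfo { address authority; } // maker who listed the offer
    struct StockInfo { address authority; } // creator of the ask taker order

    error Unauthorized();

    MarketPlaceStatus public status = MarketPlaceStatus.AskSettling;
    OfferInfo public offerInfo;
    StockInfo public stockInfo;
    mapping(address => uint256) public pointsCredited; // hypothetical ledger

    constructor(address maker, address taker) {
        offerInfo.authority = maker;
        stockInfo.authority = taker;
    }

    // Check as the report describes it: in AskSettling the caller is compared
    // with offerInfo.authority, so stockInfo.authority always reverts.
    function settleAskTakerReported(uint256 settledPointTokenAmount) external {
        if (status == MarketPlaceStatus.AskSettling) {
            if (msg.sender != offerInfo.authority) revert Unauthorized();
        }
        _settle(settledPointTokenAmount);
    }

    // Corrected check: the ask taker (stockInfo.authority) is the caller
    // allowed to settle its own order.
    function settleAskTakerCorrected(uint256 settledPointTokenAmount) external {
        if (status == MarketPlaceStatus.AskSettling) {
            if (msg.sender != stockInfo.authority) revert Unauthorized();
        }
        _settle(settledPointTokenAmount);
    }

    // Stand-in for the transfer to the capital pool: points supplied by
    // msg.sender are credited to offerInfo.authority, as the report states.
    function _settle(uint256 amount) private {
        pointsCredited[offerInfo.authority] += amount;
    }
}
```

Called from the taker address, `settleAskTakerReported` reverts with `Unauthorized` while `settleAskTakerCorrected` succeeds; a regression test for the fix should assert both outcomes.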
Manual Review
It is recommended to change the code as follows:
Valid high severity, when taker offers are created pointing to an `offer`, the relevant `stockInfoMap` offers are created with the owner of the offer aka `authority`, set as the creator of the offer, as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L245). Because of the wrong check within settleAskTaker, it will permanently DoS the final settlement functionality for taker offers for the maker that listed the original offer, essentially bricking the whole functionality of the market i.e. maker will always get refunded the original collateral, and takers will never be able to transact the original points put up by the maker. This occurs regardless of market mode.