Submission Details
Severity:
In `settleAskMaker` and `settleAskTaker` function, collaterals should not be refunded to owner
Github link
Summary
In settleAskMaker and settleAskTaker function, collaterals are refunded to msg.sender and msg.sender may be owner.
But, collaterals should be refunded to authority instead of owner.
Vulnerability Details
In settleAskMaker and settleAskTaker function, collaterals are refunded to msg.sender and msg.sender may be owner.
tokenManager.addTokenBalance(
TokenBalanceType.SalesRevenue,
_msgSender(),
makerInfo.tokenAddress,
makerRefundAmount
);
tokenManager.addTokenBalance(
TokenBalanceType.RemainingCash,
_msgSender(),
makerInfo.tokenAddress,
collateralFee
);
Impact
This causes the user's loss of funds.
Tools Used
Manual Review
Recommendations
It is recommended to change the code as following:
tokenManager.addTokenBalance(
TokenBalanceType.SalesRevenue,
- _msgSender(),
+ offerInfo.authority,
makerInfo.tokenAddress,
makerRefundAmount
);
tokenManager.addTokenBalance(
TokenBalanceType.RemainingCash,
- _msgSender(),
+ stockInfo.authority,
makerInfo.tokenAddress,
collateralFee
);
Prize pool breakdown
Total prize
30,000 USDC
nSLOC
1,22924 USDC / LOC
25,000 USDC
2,750 USDC
2,250 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.