If maker has not enough point token, he can receive zero refund, so he don't need to call settleAskOffer, so any subsequent offers and stocks break.
Summary
The settleAskTaker function in DeliveryPlace.sol allows the stock authority to settle an Ask taker, distributing settled point tokens and collateral fees.
If settledPoint is less than offer's usedPoint, then offer's owner can't receive any amount of refund.
Vulnerability Details
If settledPoint is less than offer's usedPoint, then offer's owner can't receive any amount of refund by current implementation.
As you can see in above code, only in case `_settledPoints == offerInfo.usedPoints`, user can salesRevenue.
If settledPoints < offerInfo.usedPoints, maker supply point token but didn't get any refund amount.
So maker don't need to settle point tokens, it results in chain reactions that every subsequent offers and stocks can't be settled.
In addition to, there are cases in that token price significantly increases in several days of TGE.
For example, price of some tokens increases 3000% in a day.
SettlementPeriod is 3 days at max, and if token price increases several times of original price of offer during settlement period, original maker doesn't want to supply token.
Impact
Panelty of all amount of collateral token impacts significant negative effects to token supplier, so if he doesn't supply any amount of token, all funds of subsequent traders are locked in contract.
Tools Used
Manual review
Recommendations
Please consider panelty and settlement mechanism carefully.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.