Tadle

DeFi
30,000 USDC
Submission Details
Severity: high
Valid

In partial settlement takers get huge profit

Summary

In a partial settlement, the takers get back their deposit plus their share of the maker's collateral, in addition to any settled point tokens.

Vulnerability Details

When a partial settlement occurs (the maker calls settleAskMaker with _settlePoints < offerInfo.usedPoints), the offer status is updated to settled, meaning the maker cannot settle again and loses their collateral. The takers, on the other hand, when they call closeBidTaker, get refunded their deposit plus their share of the maker's collateral, and also receive their share of the point tokens that the maker did settle.

Found in: https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L152-L176

Impact

The taker gets a huge profit, while the maker takes a huge loss.

Tools Used

Manual Analysis

Recommendations

Adjust the code to enable more equal distribution.
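To make the accounting concrete, the following is an added model of the payout rules this finding describes; it is illustrative code, not Tadle's contracts. The names Offer, Taker, settle_ask_maker, close_bid_taker_* and the status strings are assumptions chosen to mirror the report's wording, and the sample offer (1000 collateral, 100 points, two takers, 50 points delivered) is constructed. The "pro-rata" variant is one reading of "more equal distribution" (treat the delivered fraction as a normal settlement and only refund and penalise the undelivered fraction), not the project's actual fix.

```python
# Added illustration (not Tadle's code): a simplified model of the settlement
# accounting described in this finding. All names are assumptions.
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Taker:
    deposit: Fraction   # what the taker paid for its points
    points: int         # points this taker bought from the offer


@dataclass
class Offer:
    collateral: Fraction        # maker's collateral backing the offer
    used_points: int            # points sold to takers (offerInfo.usedPoints on the page)
    takers: list
    settled_points: int = 0     # points the maker actually delivered (_settlePoints)
    status: str = "Virgin"      # assumed status names


def settle_ask_maker(offer: Offer, settle_points: int) -> None:
    """Maker settlement as the report describes it: a partial settlement still
    flips the status, so the maker cannot come back and settle the rest."""
    if offer.status != "Virgin":
        raise ValueError("offer already settled")
    if not 0 <= settle_points <= offer.used_points:
        raise ValueError("settle_points out of range")
    offer.settled_points = settle_points
    offer.status = "Settled"


def close_bid_taker_vulnerable(offer: Offer, taker: Taker) -> dict:
    """Payout per the finding: full deposit refund + pro-rata share of the
    maker's collateral + pro-rata share of whatever points were delivered."""
    share = Fraction(taker.points, offer.used_points)
    return {
        "deposit_refund": taker.deposit,
        "collateral": offer.collateral * share,
        "points": offer.settled_points * share,
    }


def close_bid_taker_pro_rata(offer: Offer, taker: Taker) -> dict:
    """One possible 'more equal distribution' (an assumption, not Tadle's fix):
    the delivered fraction is settled normally (maker keeps the matching
    deposit and collateral); only the undelivered fraction is refunded and
    penalised out of the collateral."""
    share = Fraction(taker.points, offer.used_points)
    unsettled = Fraction(offer.used_points - offer.settled_points, offer.used_points)
    return {
        "deposit_refund": taker.deposit * unsettled,
        "collateral": offer.collateral * share * unsettled,
        "points": offer.settled_points * share,
    }


def settlement_summary(offer: Offer, close_fn) -> dict:
    """Aggregate what leaves the contract to takers and what the maker keeps."""
    payouts = [close_fn(offer, t) for t in offer.takers]
    collateral_out = sum(p["collateral"] for p in payouts)
    refunds_out = sum(p["deposit_refund"] for p in payouts)
    return {
        "takers_collateral": collateral_out,
        "takers_deposit_refunds": refunds_out,
        "takers_points": sum(p["points"] for p in payouts),
        "maker_collateral_back": offer.collateral - collateral_out,
        "maker_deposits_kept": sum(t.deposit for t in offer.takers) - refunds_out,
    }


def example_offer() -> Offer:
    # Constructed sample: 1000 collateral backing 100 points sold to two takers;
    # the maker delivers only half of the points.
    offer = Offer(
        collateral=Fraction(1000),
        used_points=100,
        takers=[Taker(Fraction(300), 60), Taker(Fraction(200), 40)],
    )
    settle_ask_maker(offer, 50)
    return offer


if __name__ == "__main__":
    offer = example_offer()
    for name, fn in (("vulnerable", close_bid_taker_vulnerable),
                     ("pro-rata", close_bid_taker_pro_rata)):
        print(name, {k: str(v) for k, v in settlement_summary(offer, fn).items()})
```

Under the vulnerable rule the maker who delivered half the points gets back no collateral and keeps no deposits, while the takers collect their full deposits, the entire collateral and the delivered points; under the pro-rata rule the maker keeps half the collateral and half the deposits, matching the half that was delivered.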

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-DeliveryPlace-settleAskTaker-settleAskMaker-partial-settlements

Valid high, in settleAskTaker/settleAskMaker, if the original offer maker performs a partial final settlement, the existing checks [here](https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/DeliveryPlace.sol#L356-L358) and [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/DeliveryPlace.sol#L230-L232) will cause a revert when attempting to complete a full settlement, resulting in their collateral being locked and requiring a rescue from the admin. To note, although examples in the documentation imply settlement in a single click, it is not stated that partial settlements are not allowed, so I believe it is a valid user flow.
