Tadle

Summary

The settleAskMaker() function in the DeliveryPlace.sol contract has a vulnerability where it incorrectly checks the authority using offerInfo.authority instead of stockInfo.authority. This error prevents ask takers from retrieving their collateral, while bid offers can illegitimately access the collateral of ask takers.

Vulnerability Details

In the settleAskMaker() function, the contract checks the authority to ensure that the caller is authorized to perform the operation. However, the authority check incorrectly references offerInfo.authority instead of stockInfo.authority. This mismatch results in unauthorized access, where bid offers can access collateral intended for ask takers, while legitimate ask takers are unable to retrieve their collateral.

Impact

The vulnerability leads to the following impacts:

1. Ask takers are unable to retrieve their collateral.

2. Bid offers can illegitimately access the collateral of ask takers, potentially leading to financial loss for the ask takers.

Proof of Concepts

Consider the scenario where an ask taker initiates the settleAskMaker() function:

• The function incorrectly verifies the authority using offerInfo.authority instead of stockInfo.authority.

• As a result, the ask taker cannot retrieve their collateral, while the bid offer may exploit this mistake to gain access to the collateral.

Tools Used

Manual code review

Recommendations

To fix this vulnerability, replace the offerInfo.authority reference with stockInfo.authority in the settleAskMaker() function to ensure the correct authority is being checked. This will prevent unauthorized access and ensure that ask takers can retrieve their collateral as intended.