Incorrect `authority` check in `settleAskTaker` function
Summary
In settleAskTaker function in the natspec says caller must be stock authority, but the check is for offer.
Vulnerability Details
/**
* @notice Settle ask taker
* @dev caller must be stock authority
* @dev market place status must be AskSettling
* @param _stock stock address
* @param _settledPoints settled points
* @notice _settledPoints must be less than or equal to stock points
*/
Impact
The function allows any account that is the authority of the offer (rather than the stock) to settle an ask taker. This deviation from the intended access control could enable unauthorized users to settle ask takers, potentially disrupting the intended operation of the contract.
Tools Used
Recommendations
Update the settleAskTaker function to check if the caller (msg.sender) is the authority of the stock, as specified in the Natspec documentation. Modify the access control check as follows:
Lead Judging Commences
finding-PreMarkets-settleAskTaker-wrong-stock-authority
Valid high severity, when taker offers are created pointing to a `offer`, the relevant `stockInfoMap` offers are created with the owner of the offer aka `authority`, set as the creater of the offer, as seen [here](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L245). Because of the wrong check within settleAskTaker, it will permanently DoS the final settlement functionality for taker offers for the maker that listed the original offer, essentially bricking the whole functionality of the market i.e. maker will always get refunded the original collateral, and takers will never be able to transact the original points put up by the maker. This occurs regardless of market mode.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.