The `DeliveryPlace::closeBidTaker()` function uses the wrong token address for token balance updates. The function incorrectly uses `makerInfo.tokenAddress`, which represents the sale token address, instead of the point token address.
In the `closeBidTaker` function, when updating the point token balance for the user, the function uses `makerInfo.tokenAddress` as the token address. However, `makerInfo.tokenAddress` represents the sale token address, not the point token address that should be used. The point token address should be retrieved from the marketplace data.
The incorrect use of token addresses can result in broken token balances, leading to the allocation of the wrong tokens to users. This can cause the protocol or users to lose funds.
manual
Replace the usage of `makerInfo.tokenAddress` with the correct marketplace token address obtained from the marketplace data.
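The recommendation above, shown as a before/after pair in a simplified model. This is an added example, not the protocol's own `DeliveryPlace` code: the contract name, the `MarketplaceInfo` struct, the `claimable` mapping and both function names are hypothetical, and only `closeBidTaker` and `makerInfo.tokenAddress` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; every name except makerInfo.tokenAddress
// is an assumption and does not reflect the audited contract's layout.
contract DeliveryPlaceModel {
    struct MakerInfo { address tokenAddress; }        // sale (collateral) token
    struct MarketplaceInfo { address tokenAddress; }  // point token

    MakerInfo internal makerInfo;
    MarketplaceInfo internal marketplaceInfo;

    // claimable[user][token]: amount of `token` the user may later withdraw.
    mapping(address => mapping(address => uint256)) public claimable;

    constructor(address saleToken, address pointToken) {
        require(saleToken != pointToken, "tokens must differ");
        makerInfo.tokenAddress = saleToken;
        marketplaceInfo.tokenAddress = pointToken;
    }

    // Before: the point amount is credited under the sale token's address,
    // so the user's claim is denominated in the wrong asset.
    function closeBidTakerBuggy(uint256 pointTokenAmount) external {
        claimable[msg.sender][makerInfo.tokenAddress] += pointTokenAmount;
    }

    // After: the point token address is read from the marketplace data.
    function closeBidTakerFixed(uint256 pointTokenAmount) external {
        address pointToken = marketplaceInfo.tokenAddress;
        require(pointToken != address(0), "point token not set");
        claimable[msg.sender][pointToken] += pointTokenAmount;
    }
}
```

A regression test for the fix can assert that, after closing a bid, the user's balance keyed by the sale token is unchanged and only the balance keyed by the point token increased.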
Valid high severity. In `settleAskTaker/closeBidTaker`, by assigning collateral token to user balance instead of point token, if collateral token is worth more than point, this can cause stealing of other users' collateral tokens within the CapitalPool contract. If the opposite occurs, user loses funds based on the points they are supposed to receive.