Settled collateral amount is never updated causing the offer state to remain stale
Vulnerability Details
In PreMarktes::createTaker, DeliveryPlace::settleAskMaker and DeliveryPlace::settleAskTaker the settledCollateralAmount is never updated making it remain at 0 thus making it purposeless. Looking at the struct OfferInfo in IPerMarkets,
The issue with leaving it at 0 conveys false information about the offer to the users
PoC
Alice, the initial market maker, lists 1,000 points for sale at $1 per unit and deposits $1,000 as collateral.
Bob buys 500 points from Alice for $500. This amount is credited to Alice's balance and is available for withdrawal.
At this point Alice "settles" 500 points with Bob but the system didn't update thesettledCollateralAmounton Alice's offerInfo,
Impact
The offer shows wrong information, i.e it says settledCollateralAmount is 0 even though clearly a successful trade has been done and settled.
Tools Used
Manual Review
Recommendations
In the functions PreMarktes::createTaker, DeliveryPlace::settleAskMaker and DeliveryPlace::settleAskTaker the settledCollateralAmount on the appropriate offerInfo should be updated accordingly.
Lead Judging Commences
finding-PreMarkets-listOffer-originIOfferInfo-storage-memory
Valid high severity, because the `abortOfferStatus` of the offer is not updated and persist through `storage` when listing an offer for turbo mode within the `offerInfoMap` mapping, it allows premature abortion given the `abortOfferStatus` defaults to `Initialized`, allowing the bypass of this [check](https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/PreMarkets.sol#L552-L557) here and allow complete refund of initial collateral + stealing of trade tax which can potentially be gamed for profits using multiple addresses
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.