Refunds are sent to recipient instead of requester when orders are cancelled
Summary
When orders are cancelled, it ought to unwind a placed order and send the token to the address requesting the order. But the tokens are transferred to the recipient as if the order was filled.
Vulnerability Detail
This affects both buy and sell orders. When a buy order is cancelled, the payment token is transferred to the recipient and when a sell order is cancelled, the asset token is transferred to the recipient.
Impact
Requester don't get back their tokens when they cancel their order.
0x007
high
Refunds are sent to recipient instead of requester when orders are cancelled
Summary
When orders are cancelled, it ought to unwind a placed order and send the token to the address requesting the order. But the tokens are transferred to the recipient as if the order was filled.
Vulnerability Detail
This affects both buy and sell orders. When a buy order is cancelled, the payment token is transferred to the recipient and when a sell order is cancelled, the asset token is transferred to the recipient.
Impact
Requester don't get back their tokens when they cancel their order.
Code Snippet
https://github.com/sherlock-audit/2023-06-dinari/blob/4851cb7ebc86a7bc26b8d0d399a7dd7f9520f393/sbt-contracts/src/issuer/BuyOrderIssuer.sol#L214 https://github.com/sherlock-audit/2023-06-dinari/blob/4851cb7ebc86a7bc26b8d0d399a7dd7f9520f393/sbt-contracts/src/issuer/SellOrderProcessor.sol#L150
Tool used
Manual Review
Recommendation
Transfer the refund to order.requester when order is cancelled.
Duplicate of #61