double user token spending in function executeBuyWithCredit() contract transfer user wETH fund for wETH orders even when user send payment as ETH to contract and contract converted it to wETH (_depositETH() and _delegateToPool() takes user funds when user sends ETH and tries to buy WETH order)
Lines of code Vulnerability details Impact when user wants to buy NFT tokens with wETH asset, and he/she sent ETH to executeBuyWithCredit or executeBatchBuyWithCredit, code would take user tokens two times, one as ETH token in depositETH and one as wETH tokens in delegateToPool so users would pay...