Cancel auction does not get deleted leading to loss of quoteTokens
Lines of code Vulnerability details Impact A malicious seller can cancel the auction just after it has ended, receive their baseToken back and then call reveal to make bidders lose their tokens which is sent to address0. Since a.data.lowestQuote == typeuint128.max just before reveal call is made,...