Seller can steal all the bid fund by repeatedly calling finalize()
Lines of code Vulnerability details Impact Bidders' fund will be stolen by malicious seller, they can not get refund. Proof of Concept In finalize, FinalizeData memory data is local, which means in each call, data is re-initialized. By calling finalize multiple times, a malicious seller can get t...