Finding Description and Impact

Root Cause

The referralFeeCost is computed in the _handleTransfers function but is not deducted from buyerFeeTotal or transferred to the referrer. This creates the following issues:

1. Unrealized Payment to Referrer: The calculated referralFeeCost is not distributed, leading to the referrer being denied the reward they are entitled to.
2. Incorrect Accounting: The buyerFeeTotal incorrectly reflects the entire fee without subtracting the portion allocated to the referrer.

Impact

1. Reputation Damage: The marketplace may face backlash for failing to reward referrers as expected.
2. Loss of Referral Incentives: Users might be dissuaded from referring new participants, hampering ecosystem growth.
3. Financial Discrepancies: Incorrect fee distribution can lead to disputes or potential loss of funds during settlements.

Recommended Mitigation Steps

1. Deduct Referral Fee from buyerFeeTotal:
2. Transfer Referral Fee to Referrer:

   referralFeeCost = 0;
   if (_referral != address(0) && listing.whitelist == address(0)) {
      referralFeeCost = (baseAmount * bfee * IMarketplaceSetting(marketplaceSetting).referralFee()) /
                (BASE * BASE);
      IERC20(listing.currency).safeTransfer(_referral, referralFeeCost);
      buyerFeeTotal = buyerFeeTotal - referralFeeCost ;
   }