Summary

The currentOrders function retrieves a list of orders from a mapping based on the asset parameter. It calculates the size of the list by iterating through a linked list of orders and then constructs an array containing these orders.

Vulnerability Details

The vulnerability in this function arises due to potential concurrent modifications of orders while the function is executing. Specifically, if orders are added or removed concurrently by other functions or parts of the contract, it can lead to inconsistencies and unexpected behavior that may lead to Denial of Service.

Impact

Concurrent modifications during the execution of currentOrders can result in the following issues:

Inaccurate Order Count: The size variable is calculated by counting the orders in the linked list. Concurrent additions or removals can cause the size variable to become inaccurate, leading to an incorrect size for the returned array.

Infinite Loop: If an order is removed while the function is iterating through the linked list, it may result in an infinite loop as currentId may never reach Constants.TAIL. This can cause the function to consume all available gas, leading to a denial of service situation.

Tools Used

manual

Recommendations

To mitigate these vulnerabilities and ensure the reliability of the currentOrders function, consider the following recommendations:

Synchronization: Implement synchronization mechanisms such as locks or mutexes to ensure that concurrent modifications cannot occur while the function is executing. This will prevent concurrent additions and removals from interfering with the calculation.

Separate Data Structures: Maintain separate data structures for tracking the order count and the order list. This way, you can have an accurate count of orders without needing to iterate through the linked list, reducing the risk of concurrency issues.

Error Handling: Implement error handling to gracefully handle exceptional cases, such as detecting that currentId has not reached Constants.TAIL due to concurrent modifications. In such cases, you can either return an error or take appropriate actions to handle the situation without entering an infinite loop.