The contract does not validate the id parameter in the cancel functions
The smart contract currently lacks validation for the 'id' parameter within the cancel functions (cancelBid, cancelAsk, and cancelShort). If an id that does not exist or has already been cancelled is passed, the contract will still execute the function and could potentially alter the state of the contract in an unintended way.
File Path: 2023-09-ditto/contracts/facets/OrdersFacet.sol
Line: 79
File Path: 2023-09-ditto/contracts/facets/OrdersFacet.sol
Line: 55
File Path: 2023-09-ditto/contracts/facets/OrdersFacet.sol
Line: 29
Manual
To resolve this issue, you should add a validation check for the 'id' parameter at the beginning of each cancel function. This check should ensure that the 'id' exists within the respective mapping and that the order has not already been cancelled. If the 'id' does not exist or the order has already been cancelled, the function should revert with an appropriate error message. Here is an example of how you could implement this for the 'cancelBid' function:
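An example of the check described above, added here as an illustration; it is not the submitter's snippet or Ditto's code. The storage layout, the `Status` enum, the error names and the `createBid` helper are assumptions made so the contract compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration: a simplified, hypothetical bid book. The storage layout,
// enum, errors and helper below are assumptions, not OrdersFacet's real code.
contract BidBookExample {
    // None is the zero value, so an id that was never created reads as None.
    enum Status { None, Active, Cancelled }

    struct Bid {
        address owner;
        Status status;
        uint88 amount;
    }

    error UnknownOrder(uint16 id);
    error NotOwner();
    error NotActiveOrder(uint16 id);

    event BidCancelled(address indexed asset, uint16 indexed id);

    mapping(address asset => mapping(uint16 id => Bid)) private bids;
    uint16 private nextId = 1; // id 0 is never issued

    // Hypothetical helper so the example has orders to cancel.
    function createBid(address asset, uint88 amount) external returns (uint16 id) {
        id = nextId++;
        bids[asset][id] = Bid(msg.sender, Status.Active, amount);
    }

    function cancelBid(address asset, uint16 id) external {
        Bid storage bid = bids[asset][id];

        // 1. The id must exist: an unset mapping slot reads as all zeroes.
        if (bid.status == Status.None) revert UnknownOrder(id);
        // 2. Caller check, included so that not just anyone can cancel.
        if (bid.owner != msg.sender) revert NotOwner();
        // 3. The order must not already be cancelled.
        if (bid.status != Status.Active) revert NotActiveOrder(id);

        // State changes happen only after every check has passed.
        bid.status = Status.Cancelled;
        emit BidCancelled(asset, id);
    }
}
```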
You should add similar checks to the 'cancelAsk' and 'cancelShort' functions. This will prevent the contract from executing these functions with invalid 'id' parameters and ensure that the state of the contract is not altered in an unintended way.