File Path: 2023-09-ditto/contracts/facets/OrdersFacet.sol
Line: 124
Function: cancelOrderFarFromOracle
This function allows anyone to cancel, in bulk, orders whose price diverges substantially from the oracle price. Because the call is open, it is exposed to front-running: an actor who watches oracle price movements can submit a call to this function ahead of other transactions and cancel orders before their makers react.
To reduce this risk, restrict who may call the function and under what conditions. Adding access control (a permitted set of callers) and rate limiting (a cooldown between mass cancellations, and a bound on how many orders one call may cancel) would substantially reduce the front-running exposure of this function.
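The two controls recommended above, sketched as an added example. This is not code from the DittoETH project or its OrdersFacet; the contract, the allowlist, the cooldown value, the divergence threshold and the minimal order book are all constructed here so the guard logic can be read and compiled on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative sketch: a mass-cancel entry point guarded by an allowlist,
/// a per-caller cooldown and a per-call cap. Names and values are assumptions.
contract GuardedCancellation {
    struct Order { address maker; uint256 price; bool open; }

    address public owner;
    mapping(address => bool) public canceller;        // hypothetical allowlist of permitted callers
    mapping(address => uint256) public lastCancelAt;  // timestamp of each caller's last mass cancel
    uint256 public constant CANCEL_COOLDOWN = 5 minutes; // constructed value
    uint256 public constant MAX_PER_CALL = 50;        // bound on orders cancelled per transaction

    uint256 public oraclePrice;                       // stand-in for the oracle read
    uint256 public constant DIVERGENCE_BPS = 1_000;   // 10% threshold, constructed value
    mapping(uint256 => Order) public orders;
    uint256 public nextId;

    event MassCancel(address indexed by, uint256 cancelled);

    modifier onlyCanceller() {
        require(canceller[msg.sender], "not allowed");
        _;
    }

    // A cooldown keyed on msg.sender only helps together with the allowlist:
    // without it a caller could rotate through fresh addresses.
    modifier rateLimited() {
        require(block.timestamp >= lastCancelAt[msg.sender] + CANCEL_COOLDOWN, "cooldown");
        lastCancelAt[msg.sender] = block.timestamp;
        _;
    }

    constructor() {
        owner = msg.sender;
        canceller[msg.sender] = true;
    }

    function setCanceller(address who, bool ok) external {
        require(msg.sender == owner, "not owner");
        canceller[who] = ok;
    }

    function setOraclePrice(uint256 p) external {
        require(msg.sender == owner, "not owner");
        oraclePrice = p;
    }

    function place(uint256 price) external returns (uint256 id) {
        id = nextId++;
        orders[id] = Order(msg.sender, price, true);
    }

    /// True when |price - oracle| exceeds DIVERGENCE_BPS basis points of the oracle price.
    function isFarFromOracle(uint256 price) public view returns (bool) {
        uint256 diff = price > oraclePrice ? price - oraclePrice : oraclePrice - price;
        return diff * 10_000 > oraclePrice * DIVERGENCE_BPS;
    }

    /// Cancels only orders that are open AND far from the oracle; the caller
    /// cannot cancel arbitrary orders by passing their ids.
    function cancelFarFromOracle(uint256[] calldata ids)
        external
        onlyCanceller
        rateLimited
        returns (uint256 cancelled)
    {
        require(ids.length <= MAX_PER_CALL, "too many");
        for (uint256 i = 0; i < ids.length; i++) {
            Order storage o = orders[ids[i]];
            if (o.open && isFarFromOracle(o.price)) {
                o.open = false;
                cancelled++;
            }
        }
        emit MassCancel(msg.sender, cancelled);
    }
}
```

The divergence check is re-evaluated inside the loop so that the allowlisted caller still cannot cancel an order that is within the threshold; the allowlist and cooldown only limit who can trigger the sweep and how often, not what it is permitted to cancel.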
Manual
To mitigate front-running risk, we propose a commit-reveal scheme. Users first submit a hash of their order (the "commit") and only later disclose the order details (the "reveal"). Front-runners cannot learn the order details until the reveal phase, which removes their advantage.
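The commit-reveal flow described above, as an added stand-alone example rather than code from the DittoETH project. The contract name, the delay bounds and the order fields are assumptions; the maker address and a salt are folded into the hash so that a commitment cannot be replayed by another address or brute-forced over the small space of plausible prices.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative commit-reveal order placement. Names and delays are assumptions.
contract CommitRevealOrders {
    struct Commitment { uint256 blockNumber; bool revealed; }
    struct Order { address maker; uint256 price; uint256 amount; }

    uint256 public constant MIN_DELAY = 1;   // reveal no earlier than the next block
    uint256 public constant MAX_DELAY = 256; // stale commitments expire (constructed bound)

    // maker => commitment hash => state; keyed by maker so a copied hash is useless to others
    mapping(address => mapping(bytes32 => Commitment)) public commitments;
    Order[] public orders;

    event Committed(address indexed maker, bytes32 commitment);
    event Revealed(address indexed maker, uint256 orderId);

    /// Off-chain the maker computes hashOrder(...) with a fresh random salt and sends only the hash.
    function commit(bytes32 commitment) external {
        require(commitments[msg.sender][commitment].blockNumber == 0, "exists");
        commitments[msg.sender][commitment] = Commitment(block.number, false);
        emit Committed(msg.sender, commitment);
    }

    /// Binding the maker into the preimage prevents a third party from revealing on their behalf;
    /// the salt prevents dictionary attacks over likely (price, amount) pairs.
    function hashOrder(address maker, uint256 price, uint256 amount, bytes32 salt)
        public
        pure
        returns (bytes32)
    {
        return keccak256(abi.encode(maker, price, amount, salt));
    }

    function reveal(uint256 price, uint256 amount, bytes32 salt) external returns (uint256 orderId) {
        bytes32 h = hashOrder(msg.sender, price, amount, salt);
        Commitment storage c = commitments[msg.sender][h];
        require(c.blockNumber != 0, "unknown commitment");
        require(!c.revealed, "already revealed");
        require(block.number >= c.blockNumber + MIN_DELAY, "too early");
        require(block.number <= c.blockNumber + MAX_DELAY, "expired");
        c.revealed = true;
        orders.push(Order(msg.sender, price, amount));
        orderId = orders.length - 1;
        emit Revealed(msg.sender, orderId);
    }

    function orderCount() external view returns (uint256) {
        return orders.length;
    }
}
```

The scheme hides the order details only between commit and reveal: the reveal transaction itself is public in the mempool, so ordering of reveals within a block still has to be considered separately (for example by a minimum delay, as above, or by batching reveals).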