DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Valid

Incorrect emitted event

Summary

The _createBid function in the BidOrdersFacet contract often emits the wrong bid id, and for a market order it can emit the CreateBid event even though no bid was created.

Vulnerability Details

Within the _createBid function, the id emitted for a bid is taken from s.asset[asset].orderId. However, this value is not always accurate, because it depends on various limits such as shorts_limits, asks_limits, and bids_limits. Consequently, the emitted id may not match the bid actually created, leading to discrepancies between the emitted event and the recorded bid. In numerous cases the bid is not created at all, making the emitted event erroneous and misleading.

Here's the relevant code snippet illustrating the issue:

STypes.Order memory incomingBid;
incomingBid.addr = sender;
incomingBid.price = price;
incomingBid.ercAmount = ercAmount;
incomingBid.id = Asset.orderId; // Incorrectly emits this id, leading to discrepancies
incomingBid.orderType = isMarketOrder ? O.MarketBid : O.LimitBid;
incomingBid.creationTime = LibOrders.getOffsetTime();
MTypes.BidMatchAlgo memory b;
b.oraclePrice = LibOracle.getPrice(asset);
b.askId = s.asks[asset][Constants.HEAD].nextId;
b.shortHintId = b.shortId = Asset.startingShortId;
// emit the asset.orderId regardless of potential modifications or non-creation of the bid
emit Events.CreateBid(asset, sender, incomingBid.id, incomingBid.creationTime);
  • In essence, the function emits the asset.orderId regardless of whether the order will be modified due to inactive orders or if the bid won't be created at all, especially in the case of market orders.
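The mismatch can be reproduced in a small off-chain model. The following is an added example, not DittoETH code: the `Book` class, its id-reuse rule for inactive orders, and the `stale_events` reconciliation check are simplifying assumptions made for illustration, and `create_bid_fixed` shows one possible correction (emit only after the bid is stored, with the id actually used).

```python
# Simplified model, constructed for illustration (not the project's code).
from dataclasses import dataclass, field

@dataclass
class Book:
    next_order_id: int = 100                          # stands in for s.asset[asset].orderId
    inactive_ids: list = field(default_factory=list)  # inactive slots reused first (assumption)
    bids: dict = field(default_factory=dict)          # id -> (addr, remaining amount)
    ask_liquidity: int = 0                            # amount available to match
    events: list = field(default_factory=list)        # (name, addr, id)

    def _match(self, amount):
        """Fill against available asks and return the unfilled remainder."""
        filled = min(amount, self.ask_liquidity)
        self.ask_liquidity -= filled
        return amount - filled

    def _store(self, addr, amount):
        """Record the remainder, reusing an inactive id before a fresh one."""
        if self.inactive_ids:
            oid = self.inactive_ids.pop()
        else:
            oid = self.next_order_id
            self.next_order_id += 1
        self.bids[oid] = (addr, amount)
        return oid

    def create_bid_buggy(self, addr, amount, market):
        # Event goes out first, carrying the counter value, as in the snippet above.
        self.events.append(("CreateBid", addr, self.next_order_id))
        left = self._match(amount)
        # A market order never rests on the book, so nothing is stored for it.
        return self._store(addr, left) if left and not market else None

    def create_bid_fixed(self, addr, amount, market):
        left = self._match(amount)
        if left and not market:
            oid = self._store(addr, left)
            self.events.append(("CreateBid", addr, oid))  # id actually used
            return oid
        return None  # no bid stored, so no CreateBid event

def stale_events(book):
    """Events whose id does not map to a stored bid owned by the emitting address."""
    return [e for e in book.events if book.bids.get(e[2], (None,))[0] != e[1]]
```

An indexer or monitoring job can apply the same reconciliation against real state: any CreateBid event whose id does not resolve to a bid from that sender should be treated as unreliable.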

Updates

Lead Judging Commences

0xnevi Lead Judge about 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-278
