DittoETH
Ditto
DeFiFoundryOracle
55,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`BidOrdersFacet.sol#createForcedBid()` is missing `isNotFrozen()` and `onlyValidAsset()` modifier

nadin

Summary

BidOrdersFacet.sol#createForcedBid() is missing isNotFrozen() and onlyValidAsset() modifier.

Vulnerability Details

  • Take a look at BidOrdersFacet.sol#createForcedBid() : here

81 function createForcedBid(
82 address sender,
83 address asset,
84 uint80 price,
85 uint88 ercAmount,
86 uint16[] calldata shortHintArray
87 ) external onlyDiamond returns (uint88 ethFilled, uint88 ercAmountLeft) {
---SNIP---

  • Unlike BidOrdersFacet.sol#createBid() function which can only work when isNotFrozen and onlyValidAsset. The function BidOrdersFacet.sol#createForcedBid() can be triggered by onlyDiamond even if AssetIsFrozen or InvalidAsset.

Impact

The function BidOrdersFacet.sol#createForcedBid() can be triggered by onlyDiamond even if AssetIsFrozen or InvalidAsset.

Tools Used

Manual review

Recommendations

Consider add isNotFrozen() and onlyValidAsset() modifier to BidOrdersFacet.sol#createForcedBid().

Updates

Lead Judging Commences

0xnevi Lead Judge
about 2 years ago
0xnevi Lead Judge about 2 years ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.