Summary :

In contract order.sol, within function _fillPodOrder if after partial filling of order the beans left in that order ID for next time filling is lesser than price in bean of minimumFillAmount set by user then if a person fill order will revert

Vulnerability Details

Example :

UserA creates a PodOrder : Let say he want to buy 100000(100k) pods and willing to pay 0.5 beans per pod with a MinimumFillAmount 11%of total pod Amount , hence he set the order as,

beanAmount = 50000 beans

PricePerPod = 0.5 bean

MinimumFillAmount = 11000 pods

now, UserB wants to partial fill this podOrder so, he fills PodOrder and sell 90000(90k)Pods to UserA

After above txn PodOrder of UserA get updated

Updated PodOrder :

beanAmount = 5000 beans

PricePerPod = 0.5 bean

MinimumFillAmount = 11000

Now, the UserC want sell his Pods to this PodOrder, But whenever he fill the order the txn will always revert bcause :

MinimumFillAmount = 11000, which has a total bean price equal to 5,500 beans but the amount of means remaining in the contract is equal to 5000 beans.

Impact :

There can be a bundles of this type of PodOrders which will revert on Filling, causing User funds to stuck inside the contract since, there's a CancelPodOrder function user can recover the stuck fund but the Market functionality will be afected and there is no warning to user for this type of scenario.

Tools Used : Manual review

Recommendations :

Place a Check to cancel PodOrder whenever the beanAmount reaches below the minimum beans required to fill MinimumFillAmount of pods.