Users might end up with positions that they don't actually want
Summary
Users might end up with positions that they don't actually want
Vulnerability Details
Users can set up a market order using OrderBranch::createMarketOrder() which is then picked up by a keeper and turned into a position. If we take a look at what the market order struct has:
We can see that it does not have any target price or any type of slippage. The order is picked up by a keeper fairly quickly as it is automated but firstly, there could be delays due to offchain malfunction, delays due to the network or even if it is extremely quick, the prices can still move. With that in mind, the user can end up with unfavourable terms, for example he wants to long BTC at \$20,000 and by the time the order gets picked up (could even be extremely quick), the price might already be at 20,100\$ which might have been the price he actually wants to exit the market at. Since there is no way for him to set up some kind of slippage or target price, he doesn't really have anything to do against that. Even worse, since orders have a minimum time they have to be active for, he might not even be cancel it at all.
Impact
Users might end up with positions that they don't actually want
Tools Used
Manual Review
Recommendations
Add a target price parameter that the user can specify and revert if it's above/below it depending on if it's a short/long.
Appeal created
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.