Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Return Value in `MarketOrder::checkPendingOrder` Function Leads To Ineffective Order Status Checks

Fortis Audits

Summary:

The checkPendingOrder function lacks a boolean return value to indicate the pending status of an order. This omission reduces the function's utility and forces reliance on error handling for control flow, which can be inefficient and less intuitive.

Vulnerability Details:

  • Root Cause: The function checkPendingOrder is designed to verify if an order is still pending but does not return a boolean value. Instead, it uses a revert statement to indicate a pending order.

  • Impact: Without a boolean return value, the function's results cannot be directly used in conditional statements, making the control flow less efficient and harder to read. This can lead to more complex and less maintainable code, as well as potential misuse or misinterpretation of the function's intent.

Code Snippet:

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/leaves/MarketOrder.sol#L55-L65

function checkPendingOrder(Data storage self) internal view returns (bool) {
GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
uint128 marketOrderMinLifetime = globalConfiguration.marketOrderMinLifetime;
if (
self.timestamp != 0 && marketOrderMinLifetime != 0
&& block.timestamp - self.timestamp <= marketOrderMinLifetime
) {
revert Errors.MarketOrderStillPending(self.timestamp);
}
}

Impact:

  1. Control Flow Complexity: The current implementation forces developers to handle the revert statement, complicating the control flow and increasing the likelihood of errors.

  2. Inefficiency: Using revert for control flow can be inefficient, especially when the function is called frequently, as it incurs higher gas costs and reduces readability.

  3. Maintainability: Code that relies on error handling for logical checks is harder to maintain and understand, which can slow down development and debugging processes.

Tools Used:

Manual Analysis

Recommendations:

  1. Add Boolean Return Value: Modify the checkPendingOrder function to return a boolean value indicating whether an order is still pending.

  2. Refactor Calling Code: Update any code that calls checkPendingOrder to use the returned boolean value for control flow instead of relying on the revert statement.

Here is the recommended mitigation:

-function checkPendingOrder(Data storage self) internal view
+function checkPendingOrder(Data storage self) internal view returns(bool) {
GlobalConfiguration.Data storage globalConfiguration = GlobalConfiguration.load();
uint128 marketOrderMinLifetime = globalConfiguration.marketOrderMinLifetime;
if (
self.timestamp != 0 && marketOrderMinLifetime != 0
&& block.timestamp - self.timestamp <= marketOrderMinLifetime
) {
revert Errors.MarketOrderStillPending(self.timestamp);
}
+ return false;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge
12 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.