DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

The sequence of orders for the same accountId can leave some orders unfilled

Summary

The sequence in which a keeper packs offchain orders for the same accountId can leave some of those orders unfilled.

Vulnerability Details

SettlementBranch::fillOffchainOrders contains this check, which requires the signed order nonce to equal the trading account's current nonce:

    if (ctx.offchainOrder.nonce != tradingAccount.nonce) {
        revert Errors.InvalidSignedNonce(tradingAccount.nonce, ctx.offchainOrder.nonce);
    }

Users can submit several orders at the same time, and the keeper can pack several orders from the same accountId into one transaction. However, the keeper may place those orders in an arbitrary sequence.
For example:

  1. A user submits two offchain orders:
    offchain order 1: order nonce = 5, shouldIncreaseNonce = true
    offchain order 2: order nonce = 6, shouldIncreaseNonce = true

  2. At this time the account nonce = 5.

  3. If OffchainOrdersKeeper packages the offchain orders and places order1 before order2, both orders are filled normally (order1 matches nonce 5 and increments the account nonce to 6, so order2 matches).

  4. If OffchainOrdersKeeper packages the offchain orders and places order2 before order1, order2 cannot be filled properly (its nonce 6 does not match the account nonce 5), while order1 is still filled normally (both it and the account have nonce 5, so they match).

Impact

The sequence in which a keeper packs offchain orders for the same accountId can leave some of those orders unfilled.

Tools Used

Manual review

Recommendations

The offchain keeper should sort the orders it packs for each accountId by order nonce before submitting them, so that each order's nonce matches the account nonce at the time it is processed.
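The scenario from the Vulnerability Details and the recommended fix, as an added simulation that is not part of this submission or of the Zaros code base. It models the nonce check from SettlementBranch::fillOffchainOrders as a per-order rejection (the outcome the report describes) and a hypothetical keeper_pack function that optionally sorts each account's orders by nonce; the account and order values are constructed to match the example above.

```python
from dataclasses import dataclass


@dataclass
class OffchainOrder:
    account_id: int
    nonce: int
    should_increase_nonce: bool = True


@dataclass
class TradingAccount:
    nonce: int = 0


def fill_offchain_orders(accounts, orders):
    """Model of the nonce check in SettlementBranch::fillOffchainOrders.
    Each order is compared against the account's current nonce; a mismatch
    is recorded as a rejected order (InvalidSignedNonce) rather than aborting
    the whole batch, matching the outcome described in the report.
    Returns a list of (order nonce, filled?) tuples in processing order."""
    results = []
    for order in orders:
        account = accounts[order.account_id]
        if order.nonce != account.nonce:
            results.append((order.nonce, False))  # would revert with InvalidSignedNonce
            continue
        if order.should_increase_nonce:
            account.nonce += 1
        results.append((order.nonce, True))
    return results


def keeper_pack(orders, sort_by_nonce):
    """Hypothetical OffchainOrdersKeeper batching step (assumption, not the
    project's code). With sort_by_nonce=True it applies the recommendation:
    orders are grouped per account and ordered by their signed nonce."""
    if not sort_by_nonce:
        return list(orders)
    return sorted(orders, key=lambda o: (o.account_id, o.nonce))


def simulate(sort_by_nonce):
    # Constructed state: account nonce is 5, user signed orders with nonce 5 and 6.
    accounts = {1: TradingAccount(nonce=5)}
    order1 = OffchainOrder(account_id=1, nonce=5)
    order2 = OffchainOrder(account_id=1, nonce=6)
    # The keeper happens to receive order2 first (the failing sequence in step 4).
    batch = keeper_pack([order2, order1], sort_by_nonce)
    return fill_offchain_orders(accounts, batch)
```

Without sorting, simulate(False) reports order2 rejected and order1 filled; with the keeper sorting by nonce, simulate(True) fills both.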

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
