The valid offchain orders can not be filled if 1 offchain order reverts
Summary
The fillOffchainOrders function will revert if any offchain order within the batch does not have a matching nonce.
This causes the entire batch to fail, preventing valid orders from being filled. While keepers can resubmit orders, this results in wasted time and gas.
Additionally, the offchain orders can be reverted in many cases, but the valid orders should be filled independently of any invalid ones.
Vulnerability Details
In the current implementation, the fillOffchainOrders function checks each order's nonce against the expected nonce of the trading account.
Users can cancel all offchain orders by using cancelAllOffchainOrders function.
If there is a mismatch, the function reverts, which prevents the execution of other valid orders in the batch.
Impact
The inability to process valid orders in the presence of invalid ones leads to delays and increased gas costs, as keepers must resubmit orders. This can disrupt trading operations and decrease the efficiency of the order settlement process.
Tools Used
Manual review
Recommendations
To mitigate this issue, create the _fillOffchainOrder function to process valid orders individually and implement error handling for invalid orders using the try-catch statement.
This will ensure that valid orders are filled even if some orders in the batch are invalid.
Lead Judging Commences
fillOffchainOrders reverts everything if a single order fails one of the multiple checks
If you send 1 cancel and 1 create it should still run the cancel, not revert everything.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.