Offchain orders are only valid if the signer matches the trading account owner. If the owner transfers their account, the fillOffchainOrder function will revert if the signer no longer matches the account owner.
Since createOffchainOrder is not implemented in the PerpsEngine yet, we assume it works as in the test.
This assumes that we can create offchain orders.
The orders are filled by the keepers through fillOffchainOrder. To fill an order, the signer must be the user who created the offchain order.
@dev If a trading account id owner transfers their account to another address, all offchain orders will be considered cancelled.
So the main issue arises when a user transfers their account after creating an order, which leads to a DoS of this function. As the function createOffchainOrder is not implemented yet, I am not sure whether the DoS is permanent, but with the current implementation of fillOffchainOrders the only way to remove the order is by cancelling it.
A user with malicious intent could easily cause a DoS by:
1. creating an offchain order
2. transferring the account to another address
3. keepers call fillOffchainOrders, which will cause a DoS
DoS
Manual review
Remove the orders when the signer who created the offchain order is not the account owner.
If you send 1 cancel and 1 create it should still run the cancel, not revert everything.
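The recommendation above, as an added sketch that is not the audited contract or code from the original report: it contrasts a batch fill that reverts on one stale order with one that drops the stale order and continues. The contract name, the `Order` fields, `setOwner`, and both fill functions are hypothetical; signature recovery and keeper access control are assumed to exist elsewhere and are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch. Each order carries its already-recovered `signer`.
contract OffchainFillSketch {
    struct Order {
        uint128 accountId;
        address signer; // assumed: address recovered from the order signature
        bytes32 salt;   // assumed: unique per-order value
    }

    mapping(uint128 => address) public ownerOf; // trading account id => current owner
    mapping(bytes32 => bool) public consumed;   // order key => filled or dropped

    error SignerIsNotOwner(uint128 accountId, address signer);
    event OrderFilled(uint128 indexed accountId, bytes32 salt);
    event OrderDropped(uint128 indexed accountId, bytes32 salt);

    /// Stands in for an account transfer; access control omitted in this sketch.
    function setOwner(uint128 accountId, address owner) external {
        ownerOf[accountId] = owner;
    }

    /// Behaviour the finding describes: one stale order reverts the whole batch.
    function fillStrict(Order[] calldata orders) external {
        for (uint256 i = 0; i < orders.length; i++) {
            Order calldata o = orders[i];
            if (o.signer != ownerOf[o.accountId]) {
                revert SignerIsNotOwner(o.accountId, o.signer);
            }
            emit OrderFilled(o.accountId, o.salt);
        }
    }

    /// Recommended behaviour: drop the stale order and keep filling the rest.
    function fillSkipping(Order[] calldata orders) external {
        for (uint256 i = 0; i < orders.length; i++) {
            Order calldata o = orders[i];
            bytes32 key = keccak256(abi.encode(o.accountId, o.signer, o.salt));
            if (consumed[key]) continue;
            consumed[key] = true; // a dropped order cannot be resubmitted later
            if (o.signer != ownerOf[o.accountId]) {
                emit OrderDropped(o.accountId, o.salt);
                continue;
            }
            emit OrderFilled(o.accountId, o.salt);
        }
    }
}
```

With two orders in one batch, where the first account was transferred after signing, `fillStrict` reverts and the second order is never filled, while `fillSkipping` emits `OrderDropped` for the first and `OrderFilled` for the second.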