Because an account has only one nonce for all markets, executing a TP/SL offChainOrder and thereby increasing the accounts nonce will cancel all offchain orders for any other market. This can lead to significant losses for the user since profit taking and stop losses for the other markets will thereby be disabled.
In the fillOffchainOrders()
function, the system verifies an offChainOrder by comparing the nonce of the offChainOrder with the current nonce of the account:
Since not every offchainOrder
increases the accounts nonce, this allows a user to sign multiple offChainOrders which can all be executed. But as stated in the netspec,
TP/SL must increase the nonce in order to prevent older limit orders from being filled
.
The issue arises from the fact that the account only has one nonce for all markets which means that if a TP/SL is executed in a market and increases the nonce of the account, all other offchain orders will no longer be executable. This also includes any TP/SL order in any other market which were placed to protect the position in another market or take some profit.
Alice has an active offchain order in Market A and Market B. Both orders are stop loss orders to limit the loss Alice accrues
The crypto market falls and Alice´s SL order for market A is executed which checks the nonce.
The nonce is valid, and the order is filled, but this action increments the nonce for Alice's account.
As a result, the SL orders in Market B can no longer be executed since it was signed for the previous nonce
If the asset price for Market B falls further, Alice’s position is no longer protected by the SL order since it can no longer be executed leading to financial loss for Alice
To avoid the scenario described above consider adding individual nonces for each market. This can be done by adding a mapping to the userAccount data which maps the market address to its individual nonce which is used for checking the validity of an offchain order.
If you send 1 cancel and 1 create it should still run the cancel, not revert everything.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.