DeFiFoundry
60,000 USDC
Submission Details
Severity: medium
Invalid

`cancelAllOffchainOrders` doesn't check whether the account owner has signed orders with a future nonce, so cancellation of those orders won't be possible

Summary

Off-chain orders signed with a nonce higher than the current nonce will still become fillable after cancellation, once the account nonce is incremented to match them.

Vulnerability Details

As per the comment above the cancelAllOffchainOrders function:

/// @dev If for some reason the trading account owner has signed off-chain orders with nonce values higher than the
/// current nonce, and the new nonce value matches those values, the off-chain orders will become fillable. Offchain
/// actors must enforce signing orders with the latest nonce value.

We understand that users must sign orders with the latest nonce for the function to be able to cancel them. But for the case where an order's nonce is higher than the current nonce, checks must be present to ensure that the nonce being matched is the latest one.

In cancelAllOffchainOrders, no check is present to ensure or handle the case where an order's nonce is greater than the current nonce.

https://github.com/Cyfrin/2024-07-zaros/blob/d687fe96bb7ace8652778797052a38763fbcbb1b/src/perpetuals/branches/OrderBranch.sol#L365-L378

Impact

If the owner has signed orders with a future nonce, cancelAllOffchainOrders will not be able to cancel those off-chain orders, and they will become fillable once the nonce reaches the signed value.

Tools Used

Manual review

Recommended Mitigation

Checks must be implemented to handle the scenario where the user has signed orders with a nonce greater than the current nonce.
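The failure mode described in the Vulnerability Details and the mitigation suggested above, as a constructed Python model added here; this is not the Zaros OrderBranch code and not the submitter's code. It assumes a single per-account nonce where an off-chain order is fillable only while its signed nonce equals the account's current nonce, a cancel-all that just increments the nonce (the behaviour the finding describes), and two assumed hardening options: letting the owner jump the nonce past any value they may already have signed, and cancelling an individual order by its hash. Order fields and hashes are constructed for the example.

```python
"""Constructed model of nonce-based off-chain order cancellation (not the
project's code). `cancel_all_offchain_orders` mirrors the finding: it only
increments the nonce, so an order pre-signed with nonce+1 becomes fillable.
The `_hardened` variant and per-order hash cancellation are assumed
mitigations, not something the page or the project defines."""
from dataclasses import dataclass, field
import hashlib


@dataclass(frozen=True)
class OffchainOrder:
    account_id: int
    nonce: int          # nonce the owner signed this order with
    size_delta: int     # constructed payload, irrelevant to the nonce logic

    def order_hash(self) -> str:
        payload = f"{self.account_id}:{self.nonce}:{self.size_delta}".encode()
        return hashlib.sha256(payload).hexdigest()


@dataclass
class TradingAccount:
    account_id: int
    nonce: int = 0
    cancelled_hashes: set = field(default_factory=set)

    # Vulnerable behaviour: "cancel everything" is just nonce++.
    def cancel_all_offchain_orders(self) -> int:
        self.nonce += 1
        return self.nonce

    # Assumed mitigation 1: owner picks the new nonce, so they can skip past
    # any nonce they already signed. It must strictly increase to avoid replay.
    def cancel_all_offchain_orders_hardened(self, new_nonce: int) -> int:
        if new_nonce <= self.nonce:
            raise ValueError("new nonce must be greater than current nonce")
        self.nonce = new_nonce
        return self.nonce

    # Assumed mitigation 2: cancel one specific order by its hash.
    def cancel_offchain_order(self, order: OffchainOrder) -> None:
        self.cancelled_hashes.add(order.order_hash())

    def is_fillable(self, order: OffchainOrder) -> bool:
        if order.account_id != self.account_id:
            return False
        if order.order_hash() in self.cancelled_hashes:
            return False
        return order.nonce == self.nonce


def vulnerable_scenario() -> dict:
    """Owner signed one order at the current nonce and one at a future nonce,
    then calls cancel-all. The future order flips from unfillable to fillable."""
    acct = TradingAccount(account_id=1, nonce=5)
    current = OffchainOrder(1, nonce=5, size_delta=100)
    future = OffchainOrder(1, nonce=6, size_delta=-100)  # signed with a future nonce
    before = (acct.is_fillable(current), acct.is_fillable(future))
    acct.cancel_all_offchain_orders()  # nonce 5 -> 6
    after = (acct.is_fillable(current), acct.is_fillable(future))
    return {"before": before, "after": after}


def hardened_scenario() -> dict:
    """Same orders; owner jumps the nonce past the highest value ever signed,
    or cancels the future order by hash before the nonce catches up."""
    acct = TradingAccount(account_id=1, nonce=5)
    current = OffchainOrder(1, nonce=5, size_delta=100)
    future = OffchainOrder(1, nonce=6, size_delta=-100)
    acct.cancel_all_offchain_orders_hardened(new_nonce=7)  # skip over 6
    jumped = (acct.is_fillable(current), acct.is_fillable(future))

    acct2 = TradingAccount(account_id=1, nonce=5)
    acct2.cancel_offchain_order(future)
    acct2.cancel_all_offchain_orders()  # nonce -> 6, but hash is blacklisted
    by_hash = acct2.is_fillable(future)
    return {"jumped": jumped, "by_hash": by_hash}


if __name__ == "__main__":
    print(vulnerable_scenario())   # {'before': (True, False), 'after': (False, True)}
    print(hardened_scenario())     # {'jumped': (False, False), 'by_hash': False}
```

The model makes the point of the finding concrete: a nonce that only ever moves by one cannot express "invalidate everything I have ever signed", because any order signed at nonce+1 is exactly one cancel-all call away from becoming valid. Either letting the owner choose the new nonce or keeping a per-order cancellation set closes that gap; both are assumed designs used for illustration.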

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
