Any malicious user can DoS the fulfillment of off-chain orders
The SettlementBranch:fillOffchainOrders function can be invoked by the keeper to fill off-chain orders by passing the OffchainOrder.Data[] calldata offchainOrders array, which contains the order data for a specific marketId. A check within this function ensures that if the nonce parameter of an offChainOrder does not match the current nonce of the tradingAccount that placed the order, the transaction reverts, causing all orders in the array to fail.
However, it is straightforward for anyone to increase their tradingAccount nonce by simply calling OrderBranch:cancelAllOffchainOrders and passing their accountId.
This opens up an attack vector in which a malicious actor creates an offChainOrder purely to mount a denial-of-service (DoS) attack: once the keeper submits the array containing that order, the attacker front-runs the keeper's transaction by bumping their account nonce, so the entire batch reverts and the keeper's transaction fees are lost.
Malicious actors can exploit this vulnerability to perform a DoS attack. By manipulating their nonce, they can ensure that the keeper's attempt to fill off-chain orders fails, disrupting the order execution process.
The keeper incurs transaction fees every time they attempt to execute the array of orders. If an attacker continually causes these transactions to fail, it leads to a significant loss of fees for the keeper, impacting their operational costs.
Manual review
Don't revert the transaction; just continue with the next order.
If you send one cancel and one create, it should still run the cancel, not revert everything.
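The two loops below illustrate the recommendation in a simplified, hypothetical contract. This is added example code, not the Zaros SettlementBranch or OrderBranch source: the struct layout, the accountNonce and positionSize mappings, the event names and the ownership-less cancelAllOffchainOrders are all assumptions made for illustration, and signature verification and nonce consumption after a successful fill are left out. The first fill function reproduces the reverting pattern from the finding; the second skips an order whose nonce is stale, emits an event so the skip can be monitored off-chain, and keeps filling the rest of the batch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical, simplified model of the pattern described in the finding.
/// Not the Zaros code: all names and storage layout here are assumptions.
contract OffchainOrderSettlementExample {
    struct OffchainOrderData {
        uint128 tradingAccountId;
        uint128 nonce;      // nonce the account had when the order was signed
        int128 sizeDelta;   // position change requested by the order
    }

    event OffchainOrderFilled(uint128 indexed tradingAccountId, uint128 nonce, int128 sizeDelta);
    event OffchainOrderSkipped(uint128 indexed tradingAccountId, uint128 expectedNonce, uint128 orderNonce);

    error InvalidNonce(uint128 tradingAccountId, uint128 expected, uint128 got);

    // Assumed storage: current nonce and net position per trading account.
    mapping(uint128 => uint128) public accountNonce;
    mapping(uint128 => int128) public positionSize;

    /// Models cancelAllOffchainOrders: bumping the nonce invalidates every
    /// order signed with the previous nonce. (Ownership check omitted.)
    function cancelAllOffchainOrders(uint128 tradingAccountId) external {
        accountNonce[tradingAccountId]++;
    }

    /// Vulnerable pattern: a single stale nonce reverts the whole batch,
    /// so one account can make the keeper's transaction fail.
    function fillOffchainOrdersRevertOnMismatch(OffchainOrderData[] calldata orders) external {
        for (uint256 i = 0; i < orders.length; i++) {
            OffchainOrderData calldata o = orders[i];
            uint128 expected = accountNonce[o.tradingAccountId];
            if (o.nonce != expected) {
                revert InvalidNonce(o.tradingAccountId, expected, o.nonce);
            }
            _fill(o);
        }
    }

    /// Hardened pattern: skip the stale order, record it, and continue.
    /// Returns how many orders were actually filled.
    function fillOffchainOrdersSkipOnMismatch(OffchainOrderData[] calldata orders)
        external
        returns (uint256 filled)
    {
        for (uint256 i = 0; i < orders.length; i++) {
            OffchainOrderData calldata o = orders[i];
            uint128 expected = accountNonce[o.tradingAccountId];
            if (o.nonce != expected) {
                emit OffchainOrderSkipped(o.tradingAccountId, expected, o.nonce);
                continue; // do not let one account's cancel poison the batch
            }
            _fill(o);
            filled++;
        }
    }

    function _fill(OffchainOrderData calldata o) internal {
        positionSize[o.tradingAccountId] += o.sizeDelta;
        emit OffchainOrderFilled(o.tradingAccountId, o.nonce, o.sizeDelta);
    }
}
```

With the skipping variant, an account that cancels just before the keeper's transaction lands only removes its own order from the batch; the other orders still settle and the keeper's gas is not wasted. The OffchainOrderSkipped event also gives the keeper a cheap signal for spotting accounts whose orders repeatedly arrive with stale nonces.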