Zaros Part 1

Summary

An account can participate in multiple perpetual markets, but operations across these markets share a single marketOrder buffer slot. During high market activity, this design can easily lead to unexecuted market orders being overwritten. As a result, users are forced to wait for their current order to be executed before issuing a new command.

Vulnerability Details

The current system design uses a single marketOrder buffer for all perpetual markets an account participates in. This creates a bottleneck in user interactions, especially during periods of high market activity. When a user has an outstanding market order in one market, they are unable to place orders in other markets until the existing order is executed or cancelled.

Impact

This vulnerability has several significant impacts on user experience and system efficiency:

1. Reduced User Flexibility: Users are unable to manage positions across multiple markets simultaneously, limiting their trading strategies.

2. Increased Risk of Missed Opportunities: In fast-moving markets, users may miss crucial trading opportunities while waiting for an order in a different market to execute.

3. Potential for Order Overwriting: If a user attempts to place a new order before their previous one is executed, they risk overwriting the existing order, potentially leading to unintended financial consequences.

4. System Congestion: As users are forced to wait for order execution, it may lead to increased system load as they repeatedly check order status and attempt to place new orders.

5. Poor User Experience: The limitation can frustrate users, especially those accustomed to more responsive trading platforms, potentially driving them to competitor platforms.

Tools Used

Manual Review

Recommendations

To address this issue, we recommend implementing a per-market marketOrder buffer for each user's active markets.