Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Misleading function name `sellErc20`

Summary:

The function name `sellErc20` is misleading and may cause confusion for users about the actual behavior of the function.

Vulnerability Details:

The `sellErc20` function creates a sell order, locks the tokens in the contract, and requires a future buyer to execute `buyOrder()` for the sale to be completed. However, the function name implies an immediate sale of ERC20 tokens, which is not the case. This discrepancy between the function name and its actual behavior can lead to user confusion, unnecessary token locking, and misunderstandings about the trading mechanism.

Impact:

Users might expect immediate liquidity when using the `sellErc20` function, but in reality, they are just creating an order that may never be filled. This can lead to confusion about when they will receive payment and may cause unnecessary token locking if no buyers appear. Additionally, there is currently no way to cancel orders, which can further exacerbate the issue.

Tools Used:

Solidity, Foundry.

Recommendations:

- Rename the `sellErc20` function to better reflect its actual behavior, such as `createSellOrder`, `listErc20ForSale`, or `placeSellOrder`.
- Provide clear documentation about the order book mechanism and how long orders persist.

These changes will help users better understand the trading mechanism and avoid confusion about when they will receive payment and the status of their tokens.

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
