DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Missing account Field in Order Struct Causes Callback Failure

Summary

A missing account field in the CreateOrderParamsAddresses struct causes the validCallback modifier in afterOrderExecution to always fail, preventing order execution callbacks from being processed correctly.

Vulnerability Details

The validCallback modifier checks that order.addresses.account is equal to address(this). However, in createOrder, the CreateOrderParamsAddresses struct does not include the account field, potentially leaving order.addresses.account uninitialized or set to 0x0. This causes the following check to fail:

    require(order.addresses.account == address(this), "not mine");

    modifier validCallback(bytes32 key, Order.Props memory order) {
        require(
            msg.sender == address(orderHandler) ||
            msg.sender == address(liquidationHandler) ||
            msg.sender == address(adlHandler),
            "invalid caller"
        );
        require(order.addresses.account == address(this), "not mine"); // @ <--- here
        _;
    }

As a result, any calls to afterOrderExecution will revert due to the validCallback modifier, preventing order execution callbacks from proceeding.

Expected Behavior

  • order.addresses.account should be correctly set when an order is created.

  • The validCallback check should pass if the order belongs to the contract.

  • afterOrderExecution should execute successfully.

Actual Behavior

  • order.addresses.account is not explicitly set during order creation.

    CreateOrderParamsAddresses memory paramsAddresses = CreateOrderParamsAddresses({
        receiver: perpVault,
        cancellationReceiver: address(perpVault),
        callbackContract: address(this),
        uiFeeReceiver: address(0),
        market: orderData.market,
        initialCollateralToken: orderData.initialCollateralToken,
        swapPath: orderData.swapPath
    });

  • validCallback fails with "not mine".

  • Order execution callbacks are blocked.

Impact

Orders are created successfully but fail during execution callbacks.

Tools Used

Manual review

Recommendations

CreateOrderParamsAddresses memory paramsAddresses = CreateOrderParamsAddresses({
++ account: address(this) // ✅ Ensure account is set correctly
receiver: perpVault,
cancellationReceiver: address(perpVault),
callbackContract: address(this),
uiFeeReceiver: address(0),
market: orderData.market,
initialCollateralToken: orderData.initialCollateralToken,
swapPath: orderData.swapPath,
});
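
Review bot: the added `account: address(this)` line has no comma before `receiver: perpVault,`, and the last field now ends `swapPath: orderData.swapPath,` with a trailing comma that the original snippet did not have, so the suggested literal needs both fixed before it can be compiled. The literal can also only take an `account` key if `CreateOrderParamsAddresses` declares that field, and the report itself says the struct does not include it; the recommendation should show the struct definition it relies on, or trace where `order.addresses.account` is populated between `createOrder` and the `afterOrderExecution` callback, ideally with a test that drives the flow through the external functions.
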
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
