The function checks if queue.requestKey is not zero before attempting to cancel the order. However, it does not verify if the order associated with queue.requestKey is valid or still pending in gExchangeRouter.
Because the cancelOrder function does not verify whether the order associated with queue.requestKey is valid or still pending in gExchangeRouter, if the order is not pending and the cancellation attempt fails, queue.requestKey might not be reset, leading to repeated and futile cancellation attempts.
Continuously attempting to cancel an order that is no longer valid can lead to wasted gas and operational inefficiencies.
Manual Review
Implement checks to verify the order's status before attempting cancellation.
Ensure that the contract's state is updated appropriately after a cancellation attempt, successful or not.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.