Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Invalid Order Cancellation Due to Uninitialized Timestamp and Incorrect Validation

efccweb3

Summary

A critical vulnerability allows order creator to bypass cancellation cooldowns due to uninitialized timestamps (updatedAtTime) and incorrect validation logic. This breaks core protocol guarantees for order cancellation.

Vulnerability Details

OrderHandler.sol (order creation/cancellation logic)

OrderUtils.sol (timestamp handling)

  • When an order is created via createOrder, the updatedAtTime field is not set, leaving it at its default value (0).

// In createOrder():
CreateOrderParamsNumbers memory paramsNumber = CreateOrderParamsNumbers({
... // No assignment to updatedAtTime
});

  • The cancellation logic uses order.updatedAtTime() (which is 0 for new orders)

  • Order creator calls cancelOrder with a random/invalid key.

  • OrderStoreUtils.get() returns a default order struct with updatedAtTime = 0.

  • validateRequestCancellation computes requestAge = currentTimestamp - 0 = currentTimestamp.

If currentTimestamp > requestExpirationTime, the check passes, allowing cancellation of a non-existent order.

Impact

Legitimate orders with updatedAtTime = 0 can be cancelled immediately, violating cooldown guarantees.

Tools Used

Manual review

Recommendations

++ paramsNumber.updatedAtTime = block.timestamp;
Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.