Root + Impact

Normal Behavior

In the expected behavior of the amendSellOrder() function, a seller should be able to amend their sell order (i.e., update the amount, price, or deadline) occasionally to reflect new market conditions or correct a mistake. These amendments are intended to be infrequent and meaningful, not continuous or manipulative.

issue / Problem

The current implementation does not enforce any cool-off period between consecutive amendments made by the same seller. This means a seller can amend their order multiple times in rapid succession. While buyers or off-chain orderbooks are processing the current state of an order, the seller can change critical fields like price or amount repeatedly, resulting in:

• Market manipulation

• Orderbook desynchronization

• Frontrunning opportunities

Description

• In a typical order-based marketplace, sellers should be able to amend their orders to reflect market conditions. However, such changes are expected to be occasional and not intended for high-frequency manipulation.

  The current implementation of amendSellOrder() allows the seller to modify an order’s parameters (amount, price, and deadline) without any enforced time interval between successive calls. This lack of rate limiting enables sellers to rapidly and repeatedly change their orders in response to market movements, mempool observations, or bot activity.

  This can lead to unfair trading conditions and undermines the integrity of off-chain orderbooks and frontend interfaces that rely on a consistent view of the order state.

Risk

Likelihood:

• In competitive trading environments, sellers or bots will attempt to outpace one another by frequently amending orders.

• This behavior is trivially executable since the contract does not restrict amendment frequency.

Impact:

• May lead to financial loss or unfair execution for buyers.

• Breaks consistency between on-chain state and off-chain display, especially in marketplaces or DEX aggregators.

• Opens the door for automated sellers to exploit predictable buyer behavior using mempool scanning.

Proof of Concept

• Off-chain orderbook UIs and buyers typically cache or act on the last seen order state.

• Since the seller can update the order any number of times in the same block or within seconds, they can manipulate the pricing dynamically to their advantage.

• This opens the door for mempool-based frontrunning where a seller observes incoming buyer transactions and adjusts the order before confirmation.

• It can result in unfair price execution, orderbook desync, and ultimately a loss of trust in the protocol or marketplace.

Recommended Mitigation

This solution ensures:

• Sellers cannot amend orders more than once per hour.

• Buyers are protected from price manipulation during mempool propagation.

• Off-chain orderbook and frontend experiences are consistent and fair.

• Refer this link https://github.com/CodeHawks-Contests/2025-07-orderbook/commit/a4c6ec92ba03c2bd93ec00e1624e10fd701c94ee