OrderBook

First Flight #43

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

Boolean isActive lacks expressiveness; use orderStatus enum (Active, Filled, Cancelled) for cleaner off-chain integration

0xsyntellect

Root + Impact

Description

Normal behaviour

The contract tracks an order’s lifecycle with a single boolean flag:

bool isActive; // true = open, false = filled OR cancelled

Specific issue

With only two states, off-chain indexers, UIs, or analytics tools cannot distinguish why isActive became false (filled, cancelled by seller, or expired). Developers must parse events or duplicate logic, complicating integrations and increasing the chance of mismatches.

bool isActive; // true = open, false = filled OR cancelled

Risk

Likelihood:LOW

Reason: Purely a design/UX limitation, always observable.

Impact:

Impact: No direct loss of funds, but hampers data accuracy and UX off-chain.

Proof of Concept

Proof-of-Concept (summary)

A dApp UI shows all “inactive” orders in one bucket.
User sees their order marked inactive but cannot tell if it sold or if they cancelled it.
Additional RPC calls or custom event parsing is required, causing latency and code bloat.

Recommended Mitigation

- bool isActive;

-struct Order {

- uint256 id;

- address seller;

- address tokenToSell; // Address of wETH, wBTC, or wSOL

- uint256 amountToSell; // Amount of tokenToSell

- uint256 priceInUSDC; // Total USDC price for the entire amountToSell

- uint256 deadlineTimestamp; // Block timestamp after which the order expires

- bool isActive; // Flag indicating if the order is available to be bought

+ enum OrderStatus { Active, Filled, Cancelled }

+ struct Order {

+ uint256 id;

+ address seller;

+ address tokenToSell;

+ uint256 amountToSell;

+ uint256 priceInUSDC;

+ uint256 deadlineTimestamp;

+ OrderStatus status; // replaces bool isActive

+ }

Updates

Lead Judging Commences

yeahchibyke Lead Judge 10 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

217

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.