OrderBook

First Flight #43
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

## OrderBook.sol ## [ Missing check for _amount, emergencyWithdrawERC20() ]

Root + Impact

Description

The emergencyWithdrawERC20 function does not validate the _amount, allowing zero-value withdrawals. This leads to unnecessary gas consumption when _amount is 0.

function emergencyWithdrawERC20(address _tokenAddress, uint256 _amount, address _to) external onlyOwner {
    if (
        _tokenAddress == address(iWETH) || _tokenAddress == address(iWBTC)
            || _tokenAddress == address(iWSOL)
            || _tokenAddress == address(iUSDC)
    ) {
        revert("Cannot withdraw core order book tokens via emergency function");
    }
    if (_to == address(0)) {
        revert InvalidAddress();
    }
    IERC20 token = IERC20(_tokenAddress);
    token.safeTransfer(_to, _amount);
    emit EmergencyWithdrawal(_tokenAddress, _amount, _to);
}

Risk

  • Unnecessary Transaction: When _amount is 0, the transfer has no effect. However, the call still executes, wasting resources.

  • Gas Cost: Even a zero-value safeTransfer costs gas due to function execution overhead. This can be avoided entirely.

Likelihood:

  • High: This issue will occur every time the function is called with _amount == 0

Impact:

  • Increased gas cost

Proof of Concept

Recommended Mitigation

Add a check to revert when _amount == 0:

+ if (_amount == 0 ) revert {
InalidAmount();
}
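
Review bot: the added check on the first line does not compile as written: `revert {` puts the opening brace after the `revert` keyword, and `InalidAmount()` looks like a misspelling of `InvalidAmount()`. The intended form is presumably `if (_amount == 0) { revert InvalidAmount(); }`, with every added line carrying the `+` marker rather than only the first. The hunk has no context lines, so state where it goes; next to the existing `_to == address(0)` check, before `token.safeTransfer(_to, _amount)`, would keep the input validation together. The snippet shown only uses `InvalidAddress()`, so confirm that an `InvalidAmount` error is declared in the contract or add the declaration as part of the change.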

This prevents pointless transfers and aligns function behavior with expected emergency-only usage.

Updates

Lead Judging Commences

yeahchibyke Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
