Submission Details
Impact:
Likelihood:
Lack of Emergency Pause Mechanism
Root + Impact
Description
-
The contract lacks an emergency pause mechanism to halt trading in case of discovered vulnerabilities
-
Critical functions like
createSellOrder,buyOrder, andamendSellOrdercannot be paused
// @> No pause mechanism exists for emergency situations
function buyOrder(uint256 _orderId) public {
// ... function continues without any pause check
}
Risk
Likelihood:
-
Medium - Emergency situations requiring immediate halt of operations can occur
-
No mechanism exists to quickly respond to discovered vulnerabilities
Impact:
-
High - Cannot prevent further exploitation once a vulnerability is discovered
-
Could lead to significant financial losses during incident response
Proof of Concept
// If a critical vulnerability is discovered:
// 1. Trading cannot be halted immediately
// 2. Funds continue to be at risk until contract upgrade
// 3. No way to prevent new orders during emergency
Recommended Mitigation
+ import {Pausable} from "@openzeppelin/contracts/security/Pausable.sol";
+ contract OrderBook is Ownable, Pausable {
// ... existing code
+ function pause() external onlyOwner {
+ _pause();
+ }
+
+ function unpause() external onlyOwner {
+ _unpause();
+ }
function createSellOrder(
address _tokenToSell,
uint256 _amountToSell,
uint256 _priceInUSDC,
uint256 _deadlineDuration
+ ) public whenNotPaused returns (uint256) {
// ... existing function
}
}
Rewards breakdown
nSLOC
217This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.