The OrderBook::setAllowedSellToken
function allows the contract owner to set the OrderBook::allowedSellToken
mapping status of core tokens (wETH, wBTC, wSOL) to false. This prevents creating or amending sell orders for these tokens, as allowedSellToken[_tokenToSell] is checked in OrderBook::createSellOrder
. Although core tokens are initialized as true in the constructor, no restriction prevents the owner from disabling them later.
Disabling core tokens (wETH, wBTC, wSOL) halts trading for these assets, breaking the order book's primary functionality. Users cannot create new sell orders or amend existing ones for affected tokens, potentially locking liquidity and eroding trust in the platform.
Deploy the OrderBook contract with valid addresses for wETH, wBTC, wSOL, and USDC.
Owner calls setAllowedSellToken(address(iWETH), false) to disable wETH.
Alice attempts to create a sell order for wETH via createSellOrder(address(iWETH), 1e18, 2500e6, 1 days).
Transaction reverts with InvalidToken() error because allowedSellToken[address(iWETH)] == false.
Existing wETH orders remain unaffected, but no new wETH orders can be created or amended.
Add this to test/TestOrderBook.t.sol
Modify the setAllowedSellToken function to prevent disabling core tokens (wETH, wBTC, wSOL) by adding a check to ensure their allowedSellToken status remains true:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.