OrderBook

First Flight #43 (Beginner Friendly, Solidity)
Submission Details
Severity: low
Valid

Uninitialized Local Variable Causes Empty Token Symbol in Order Details

Root + Impact

Description

The getOrderDetailsString() function is designed to return a formatted string containing order details, including the token symbol, for display purposes.
The function declares a local variable tokenSymbol but never assigns it, so the token symbol field of the returned string is always empty, breaking the intended functionality.

function getOrderDetailsString(uint256 _orderId) external view returns (string memory) {
    Order memory order = orders[_orderId];
    string memory tokenSymbol; // @> Variable declared but never initialized
    string memory status;
    if (!order.isActive) {
        status = "Cancelled";
    } else if (order.isActive && block.timestamp >= order.deadlineTimestamp) {
        status = "Expired";
    } else if (block.timestamp < order.deadlineTimestamp) {
        status = "Active";
    }
    return string(abi.encodePacked(
        "Order ID: ", Strings.toString(_orderId),
        ", Token: ", tokenSymbol, // @> Empty string returned here
        ", Amount: ", Strings.toString(order.amountToSell),
        ", Price: ", Strings.toString(order.priceInUSDC),
        ", Status: ", status,
        ", Deadline: ", Strings.toString(order.deadlineTimestamp)
    ));
}
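An added example, not code from this submission or from the OrderBook contract: a symbol lookup the view could call in place of the uninitialized variable (SafeSymbol.symbolOf(order.tokenToSell)). It assumes the OpenZeppelin Strings import path and handles a token address that has no code, whose symbol() reverts or returns nothing, or that returns a bytes32 instead of a string, so the view itself can never revert on a badly behaved token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

// Added example, not code from the OrderBook submission: a symbol lookup
// that never reverts, so a view like getOrderDetailsString() stays usable
// even when order.tokenToSell is not a well-behaved ERC-20.
library SafeSymbol {
    // Returns the token's symbol, or a labelled fallback when the address has
    // no code, symbol() reverts, or the return data is not a decodable string.
    function symbolOf(address token) internal view returns (string memory) {
        string memory fallbackName =
            string.concat("UNKNOWN:", Strings.toHexString(uint160(token), 20));
        // An EOA or not-yet-deployed address has nothing to call.
        if (token.code.length == 0) return fallbackName;
        // Low-level staticcall: a revert or empty return is reported in `ok`
        // and `data`. A high-level try/catch would still revert in the caller
        // if the returned bytes could not be decoded as a string.
        (bool ok, bytes memory data) = token.staticcall(abi.encodeWithSignature("symbol()"));
        if (!ok || data.length == 0) return fallbackName;
        // Older tokens (MKR-style) return a right-padded bytes32, not a string.
        if (data.length == 32) return _bytes32ToString(abi.decode(data, (bytes32)));
        // A dynamic string encodes as: offset word, length word, padded bytes.
        // Validate the layout before abi.decode so malformed data cannot revert.
        if (data.length >= 64) {
            uint256 offset;
            uint256 len;
            assembly {
                offset := mload(add(data, 32))
                len := mload(add(data, 64))
            }
            if (offset == 32 && len > 0 && len <= data.length - 64) {
                return abi.decode(data, (string));
            }
        }
        return fallbackName;
    }

    // Strip the zero padding from a bytes32 symbol and return it as a string.
    function _bytes32ToString(bytes32 raw) private pure returns (string memory) {
        uint256 len;
        while (len < 32 && raw[len] != bytes1(0)) len++;
        bytes memory out = new bytes(len);
        for (uint256 i; i < len; i++) out[i] = raw[i];
        return string(out);
    }
}
```

Because every failure path returns a string that starts with a fixed label, a frontend can distinguish "the token has no symbol" from "the symbol is literally empty", which the contract's own output cannot.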

Risk

Likelihood:

  • Every call to getOrderDetailsString() returns an empty token symbol field. The function is external and is likely used by frontend applications or other contracts to display order information.

Impact:

  • Frontend applications cannot display meaningful token information to users

  • Order details become incomplete and potentially confusing for users trying to identify which token is being traded

  • Integration partners relying on this function will receive malformed data

Proof of Concept

// Deploy OrderBook contract and create an order
OrderBook orderBook = new OrderBook(owner, usdc, feeRecipient, oracle, admin);
// Create a sell order for some token (e.g., WETH)
address wethToken = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
orderBook.createSellOrder(wethToken, 1000e18, 100e6, 3600);
// Call getOrderDetailsString - will return empty token symbol
string memory details = orderBook.getOrderDetailsString(1);
console.log(details);
// Actual Result: "Order ID: 1, Token: , Amount: 1000000000000000000000, Price: 100000000, Status: Active, Deadline: 1234567890"
// ^^ Empty token field makes it impossible to identify what token is being sold
// Expected Result should be: "Order ID: 1, Token: WETH, Amount: 1000000000000000000000, Price: 100000000, Status: Active, Deadline: 1234567890"

Recommended Mitigation

function getOrderDetailsString(uint256 _orderId) external view returns (string memory) {
Order memory order = orders[_orderId];
- string memory tokenSymbol;
+ string memory tokenSymbol = "UNKNOWN";
+
+ // Try to get actual token symbol if possible
+ try IERC20Metadata(order.tokenToSell).symbol() returns (string memory symbol) {
+ if (bytes(symbol).length > 0) {
+ tokenSymbol = symbol;
+ }
+ } catch {
+ // Fallback to truncated address if symbol() fails
+ tokenSymbol = Strings.toHexString(uint160(order.tokenToSell), 20);
+ }
string memory status;
if (!order.isActive) {
status = "Cancelled";
} else if (order.isActive && block.timestamp >= order.deadlineTimestamp) {
status = "Expired";
} else if (block.timestamp < order.deadlineTimestamp) {
status = "Active";
}
return string(abi.encodePacked(
"Order ID: ", Strings.toString(_orderId),
", Token: ", tokenSymbol,
", Amount: ", Strings.toString(order.amountToSell),
", Price: ", Strings.toString(order.priceInUSDC),
", Status: ", status,
", Deadline: ", Strings.toString(order.deadlineTimestamp)
));
}
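Review bot: the catch branch in this hunk does not cover the case it is written for. If order.tokenToSell has no symbol() or returns data that is not an ABI-encoded string, the decoding failure happens in the caller and is not caught by try/catch, so getOrderDetailsString() reverts instead of falling back; a low-level staticcall with a check on the returned data length before decoding would actually degrade gracefully. Two smaller points: the comment "Fallback to truncated address if symbol() fails" does not match Strings.toHexString(uint160(order.tokenToSell), 20), which renders the full 20-byte address, so either truncate or reword the comment; and IERC20Metadata is used without showing its import, which should be part of the change.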
Updates

Lead Judging Commences

yeahchibyke Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

ishwar Submitter 9 days ago
yeahchibyke Lead Judge 6 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Poor event indexing and asset token symbol not displayed

Events not properly indexed. Filtering and querying from analytic tools will be very inefficient.
