OrderBook

​

​

​

The function `getOrderDetailsString` relies on hardcoded token address checks to determine the symbol. If a future token is allowed via `setAllowedSellToken()`, the `tokenSymbol` will remain uninitialized and empty in the UI.

​

// @> tokenSymbol unassigned for unknown tokens

string memory tokenSymbol;

if (order.tokenToSell == address(iWETH)) {

​

​

**Likelihood**:

​

* Occurs when admin adds new token via `setAllowedSellToken`.

* UI presents order details for non core tokens.

​

**Impact**:

​

* `getOrderDetailsString` will display no token symbol.

* UI looks broken or confusing.

​

​

The function `getOrderDetailsString()` uses hardcoded token address comparisons to set the token symbol (wETH, wBTC, wSOL). If a **new token is added via `setAllowedSellToken()`**, its symbol will be blank in the string output.

​

// Assume `newToken` is a valid ERC20 token (e.g., wDOGE) with 18 decimals

orderBook.setAllowedSellToken(address(newToken), true);

​

// Create sell order using the new token

orderBook.createSellOrder(

);

​

// View order string details

string memory details = orderBook.getOrderDetailsString(1);

​

​

Selling: 1000000000000000000

​

- Notice the **missing token symbol**, which should be `"wDOGE"` or something meaningful.

​

​

Introduce `mapping(address => string) public tokenSymbols` and update it during token registration.

​

- string memory tokenSymbol;

+ string memory tokenSymbol = tokenSymbols[order.tokenToSell];