Root + Impact
Description
## Summary
The `amendSellOrder` function lacks a check to verify that the seller has sufficient tokens
before attempting transfers. This leads to failed transactions, gas loss, and poor user experience
when sellers try to increase order amounts without having enough tokens.
## Vulnerability Details
The `amendSellOrder` function attempts to transfer additional tokens without checking if the seller
has sufficient balance:
```solidity
function amendSellOrder(
    uint256 _orderId,
    uint256 _newAmountToSell,
    uint256 _newPriceInUSDC,
    uint256 _newDeadlineDuration
) public {
    if (_newAmountToSell > order.amountToSell) {
        uint256 diff = _newAmountToSell - order.amountToSell;
        token.safeTransferFrom(msg.sender, address(this), diff);
    }
}
```
**Issues:**
- No balance check before `safeTransferFrom`
- Transaction will revert if seller lacks sufficient tokens
- Gas wasted on failed transactions
- Poor user experience with unclear error messages
- Potential for race conditions if balance changes
## Impact
- Failed transactions: Orders cannot be amended when seller lacks tokens
- Gas loss: Users lose gas on failed transactions
- Poor UX: No clear error message about insufficient balance
- Race conditions: Balance could change between check and transfer
- User frustration: Unclear why amendment failed
## Affected Functions
- `amendSellOrder()` - Lines 137-175 (missing balance check)
Risk
Likelihood:
Impact:
Proof of Concept
# Proof of Concept
1. User creates order for 100 tokens
2. User spends all their tokens elsewhere
3. User tries to amend order to 150 tokens
4. Transaction fails because user has 0 tokens
5. User loses gas and gets unclear error message
## The Problem
No check for sufficient balance before attempting transfer:
```solidity
function amendSellOrder(uint256 _orderId, uint256 _newAmountToSell, ...) public {
    if (_newAmountToSell > order.amountToSell) {
        uint256 diff = _newAmountToSell - order.amountToSell;
        token.safeTransferFrom(msg.sender, address(this), diff);
    }
}
```
## What Happens
- User has 0 tokens but tries to increase order by 50 tokens
- `safeTransferFrom` reverts with a generic error
- Transaction fails and user loses gas
- No clear error message about insufficient balance
- User doesn't know why amendment failed
Recommended Mitigation
# Mitigation
## What's Wrong
The `amendSellOrder` function attempts to transfer tokens without checking
if the seller has sufficient balance, leading to failed transactions and poor user experience.
**Vulnerable Code:**
```solidity
// Lines 137-175: amendSellOrder()
if (_newAmountToSell > order.amountToSell) {
    uint256 diff = _newAmountToSell - order.amountToSell;
    // No balance check before transfer
    token.safeTransferFrom(msg.sender, address(this), diff);
}
```
**The Problem:**
Transactions fail with unclear error messages when sellers lack sufficient
tokens, wasting gas and frustrating users.
## How to Fix
Add a balance check before attempting the transfer:
```solidity
if (_newAmountToSell > order.amountToSell) {
    uint256 diff = _newAmountToSell - order.amountToSell;
    // Check if seller has sufficient tokens
    if (token.balanceOf(msg.sender) < diff) revert InsufficientBalance();
    token.safeTransferFrom(msg.sender, address(this), diff);
}
```
**The Fix:**
Now users get a clear error message before wasting gas on failed transactions.
## Alternative: Add Custom Error
```solidity
error InsufficientBalance(uint256 required, uint256 available);
// In function:
if (token.balanceOf(msg.sender) < diff) {
    revert InsufficientBalance(diff, token.balanceOf(msg.sender));
}
```
**Recommendation:**
Add the balance check to improve user experience and prevent gas waste.
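A fuller form of the check above, as an added example that is not the audited contract's code: it reports balance and allowance shortfalls with both numbers and exposes the same check as a view function, since a revert inside a mined transaction still costs gas while an `eth_call` preflight does not. `MiniOrderBook` and its function names are assumptions, and plain `transferFrom` stands in for `safeTransferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the audited contract; contract and function names are assumed.
// Plain transferFrom keeps it dependency-free; the audited code uses safeTransferFrom.
interface IERC20Min {
    function balanceOf(address owner) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
contract MiniOrderBook {
    error InsufficientBalance(uint256 required, uint256 available);
    error InsufficientAllowance(uint256 required, uint256 available);
    error NotSeller();
    error NotAnIncrease();
    struct Order { address seller; uint256 amountToSell; }
    IERC20Min public immutable token;
    Order[] public orders;
    constructor(IERC20Min _token) { token = _token; }
    function createOrder(uint256 amount) external returns (uint256 orderId) {
        _requireFunds(msg.sender, amount);
        orderId = orders.length;
        orders.push(Order(msg.sender, amount));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    // Read-only preflight: a front end can eth_call this and decode the custom
    // error, so the shortfall is reported before any transaction is sent.
    function checkIncrease(uint256 orderId, uint256 newAmount) public view returns (uint256 diff) {
        Order storage order = orders[orderId];
        if (newAmount <= order.amountToSell) revert NotAnIncrease();
        diff = newAmount - order.amountToSell;
        _requireFunds(order.seller, diff);
    }

    function increaseAmount(uint256 orderId, uint256 newAmount) external {
        if (orders[orderId].seller != msg.sender) revert NotSeller();
        uint256 diff = checkIncrease(orderId, newAmount);
        orders[orderId].amountToSell = newAmount; // effect before the external call
        require(token.transferFrom(msg.sender, address(this), diff), "transfer failed");
    }

    // Reads balance and allowance once each and reports both numbers on failure.
    function _requireFunds(address from, uint256 amount) private view {
        uint256 balance = token.balanceOf(from);
        if (balance < amount) revert InsufficientBalance(amount, balance);
        uint256 allowed = token.allowance(from, address(this));
        if (allowed < amount) revert InsufficientAllowance(amount, allowed);
    }
}
```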