OrderBook

First Flight #43
Beginner Friendly, Solidity
Submission Details
Impact: low
Likelihood: low
Invalid

### [L-5] CEI Pattern violation in `OrderBook::buyOrder` Function

Description

The `OrderBook::buyOrder` function violates the CEI (Checks-Effects-Interactions) pattern
by performing an external call before updating an internal state variable.

This violation increases the chance of disruption through reentrancy attacks.

Impact:

1. Minor risk of inconsistent state due to reentrancy attacks.

2. Breaks Solidity best practices.

3. Static analysis and formal tools may flag this as unsafe.
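What such a tool looks for, as an added example (not code from this submission or from the OrderBook project): a line-based heuristic that reports writes to storage occurring after an external token call, run over the tail of `buyOrder` in its original and reordered forms. The storage-name list, the call-name patterns and the two sample strings (constructed from the lines shown on this page) are assumptions; real analyzers work on the AST.

```python
import re

# Assumption: names treated as contract storage (`order` is a storage pointer).
STATE_VARS = {"totalFees", "order"}
# Assumption: member calls treated as external interactions.
EXTERNAL_CALL = re.compile(
    r"\.(safeTransferFrom|safeTransfer|transferFrom|transfer|call)\s*\(")
# Assignment whose target starts the line: `x = `, `x += `, `x.f = `, `x[i] = `.
STATE_WRITE = re.compile(
    r"^\s*([A-Za-z_]\w*)(?:\.\w+|\[[^\]]*\])*\s*(?:[+\-*/]?=)(?!=)")

def cei_violations(body: str):
    """Return (line_no, text) for storage writes that follow an external call."""
    findings, seen_call = [], False
    for no, line in enumerate(body.splitlines(), 1):
        code = line.split("//", 1)[0]          # drop line comments
        if EXTERNAL_CALL.search(code):
            seen_call = True                   # everything after is post-interaction
            continue
        m = STATE_WRITE.match(code)
        if m and m.group(1) in STATE_VARS and seen_call:
            findings.append((no, code.strip()))
    return findings

# Constructed sample: original ordering (fee accounting after the transfers).
BEFORE = """\
order.isActive = false;
uint256 protocolFee = (order.priceInUSDC * FEE) / PRECISION;
uint256 sellerReceives = order.priceInUSDC - protocolFee;
iUSDC.safeTransferFrom(msg.sender, address(this), protocolFee);
iUSDC.safeTransferFrom(msg.sender, order.seller, sellerReceives);
IERC20(order.tokenToSell).safeTransfer(msg.sender, order.amountToSell);
totalFees += protocolFee;
emit OrderFilled(_orderId, msg.sender, order.seller);
"""

# Constructed sample: reordered so every storage write precedes the transfers.
AFTER = BEFORE.replace("totalFees += protocolFee;\n", "").replace(
    "iUSDC.safeTransferFrom(msg.sender, address(this)",
    "totalFees += protocolFee;\niUSDC.safeTransferFrom(msg.sender, address(this)")

if __name__ == "__main__":
    print("before:", cei_violations(BEFORE))
    print("after: ", cei_violations(AFTER))
```

Only the `totalFees` update is reported in the original ordering; `order.isActive = false` already sits before the first transfer and is not flagged.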

Recommended Mitigation

function buyOrder(uint256 _orderId) public {
Order storage order = orders[_orderId];
// Validation checks
if (order.seller == address(0)) revert OrderNotFound();
if (!order.isActive) revert OrderNotActive();
if (block.timestamp >= order.deadlineTimestamp) revert OrderExpired();
order.isActive = false;
uint256 protocolFee = (order.priceInUSDC * FEE) / PRECISION;
uint256 sellerReceives = order.priceInUSDC - protocolFee;
+- totalFees += protocolFee;
iUSDC.safeTransferFrom(msg.sender, address(this), protocolFee);
iUSDC.safeTransferFrom(msg.sender, order.seller, sellerReceives);
IERC20(order.tokenToSell).safeTransfer(msg.sender, order.amountToSell);
- totalFees += protocolFee;
emit OrderFilled(_orderId, msg.sender, order.seller);
}
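Review bot: the `+-` prefix on the first `totalFees += protocolFee;` line is neither an addition nor a removal marker, so the patch is ambiguous as written; it should be a single `+`, pairing with the `-` line that follows the three transfers. The unchanged lines also show `order.isActive = false;` already placed before the `safeTransferFrom` and `safeTransfer` calls, so this reordering moves only the fee accounting; the mitigation text should say that explicitly, since it bounds what a re-entering call could observe. `emit OrderFilled(...)` stays after the interactions, and the write-up should state whether that ordering is intended.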
Updates

Lead Judging Commences

yeahchibyke Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
