The method executeTrade on Trader.sol is calling matchOrders method of the TracerPerpetualSwaps contract. executeTrade is validating that the call was successful, but is missing to validate the return result == true. As a result, we will be adding invalid trade.
(bool success, ) = makeOrder.market.call(
abi.encodePacked(
ITracerPerpetualSwaps(makeOrder.market).matchOrders.selector,
abi.encode(makeOrder, takeOrder, fillAmount)
)
);
// ignore orders that cannot be executed
//FIXME: We should also check if return == false
if (!success) continue;
// update order state
filled[makerOrderId] = makeOrderFilled + fillAmount;
filled[takerOrderId] = takeOrderFilled + fillAmount;
averageExecutionPrice[makerOrderId] = newMakeAverage;
averageExecutionPrice[takerOrderId] = newTakeAverage;
....
// validate orders can match, and outcome state is valid
if (
!Perpetuals.canMatch(order1, filled1, order2, filled2) ||
!Balances.marginIsValid(
newPos1,
balances[order1.maker].lastUpdatedGasPrice *
LIQUIDATION_GAS_COST,
pricingContract.fairPrice(),
trueMaxLeverage()
) ||
!Balances.marginIsValid(
newPos2,
balances[order2.maker].lastUpdatedGasPrice *
LIQUIDATION_GAS_COST,
pricingContract.fairPrice(),
trueMaxLeverage()
)
) {
// emit failed to match event and return false
if (order1.side == Perpetuals.Side.Long) {
emit FailedOrders(
order1.maker,
order2.maker,
order1Id,
order2Id
);
} else {
emit FailedOrders(
order2.maker,
order1.maker,
order2Id,
order1Id
);
}
return false;
}
....
Handle
a_delamo
Vulnerability details
Impact
The method
executeTrade
onTrader.sol
is callingmatchOrders
method of the TracerPerpetualSwaps contract.executeTrade
is validating that the call was successful, but is missing to validate the return result == true. As a result, we will be adding invalid trade.