Reentrancy vulnerability can call the fallback function for cancelLimitOrder.
Potential violation of Checks-Effects-Interaction pattern in Trading.initiateMarketOrder(struct ITrading.TradeInfo,struct PriceData,bytes,struct ITrading.ERC20PermitData,address): Could potentially lead to re-entrancy vulnerability.
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L163
Vulnerability details
Impact
Reentrancy vulnerability can call the fallback function for cancelLimitOrder.
Potential violation of Checks-Effects-Interaction pattern in Trading.initiateMarketOrder(struct ITrading.TradeInfo,struct PriceData,bytes,struct ITrading.ERC20PermitData,address): Could potentially lead to re-entrancy vulnerability.
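The ordering problem behind this warning, shown as an added example that is not code from the Tigris repository or from the linked proof of concept. `ExampleOrderBook` and all of its functions are hypothetical, and the ETH refund is an assumption chosen because it is the kind of external call that reaches the caller's receive/fallback function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical, simplified order book (NOT the Tigris Trading contract).
contract ExampleOrderBook {
    struct Order { address owner; uint256 margin; }

    mapping(uint256 => Order) public orders;
    uint256 public nextId;
    uint256 private _lock = 1; // 1 = unlocked, 2 = entered

    modifier nonReentrant() {
        require(_lock == 1, "reentrant call");
        _lock = 2;
        _;
        _lock = 1;
    }

    function placeOrder() external payable returns (uint256 id) {
        require(msg.value > 0, "no margin");
        id = nextId++;
        orders[id] = Order(msg.sender, msg.value);
    }

    // BEFORE: the interaction precedes the effect. The refund hands control
    // to msg.sender's receive/fallback while the order is still stored, so a
    // nested call sees unchanged state and passes the same checks again.
    function cancelOrderUnsafe(uint256 id) external {
        Order memory o = orders[id];
        require(o.owner == msg.sender, "not owner");         // check
        (bool ok, ) = msg.sender.call{value: o.margin}("");  // interaction
        require(ok, "refund failed");
        delete orders[id];                                    // effect, too late
    }

    // AFTER: checks, then effects, then the interaction, plus a guard.
    // A nested call now finds the order deleted and the lock held.
    function cancelOrder(uint256 id) external nonReentrant {
        Order memory o = orders[id];
        require(o.owner == msg.sender, "not owner");         // check
        delete orders[id];                                    // effect
        (bool ok, ) = msg.sender.call{value: o.margin}("");  // interaction
        require(ok, "refund failed");
    }
}
```

The guard only protects functions that carry the modifier, so every state-changing entry point that shares this storage needs it as well.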
Proof of Concept
Attack code can be found at: https://github.com/gbadebosmith/ouch/blob/main/AttackTrading.sol
Victim code can be found at: https://github.com/gbadebosmith/ouch/blob/main/Trading.sol
Tools Used
Remix IDE
Recommended Mitigation Steps