TriHaz
commented
1 year ago Ideally, setting _rage to 0 shouldn't happen, but a check in setLimitOrderPriceRange() should be added, I would change severity to QA.
Closed code423n4 closed 1 year ago
TriHaz
commented
1 year ago Ideally, setting _rage to 0 shouldn't happen, but a check in setLimitOrderPriceRange() should be added, I would change severity to QA.
c4-sponsor
commented
1 year ago TriHaz marked the issue as sponsor confirmed
c4-sponsor
commented
1 year ago TriHaz marked the issue as disagree with severity
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #377
c4-judge
commented
1 year ago GalloDaSballo marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L939 https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L496
Vulnerability details
Impact
Can cause issues in executeLimitOrder() to always revert unless price = trade.price
Proof of Concept
-Set _range to 0 in setLimitOrderPriceRange() in https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L939 -This then causes executeLimitOrder() to always revert unless price = trade.price via https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L496
Tools Used
None
Recommended Mitigation Steps
Add in a check so that _range cannot be 0 in setLimitOrderPriceRange()