Closed sherlock-admin closed 1 year ago
OrderSender is the person who executes matched transactions. JOJO is a perp DEX in the form of an orderbook that requires professional market makers to participate. Currently, the final authority of orderSender belongs to the JOJO team, and in the future, our matching mechanism will be decentralized.
rvierdiiev
medium
User can be censored by trade order sender
Summary
A user can be censored by the trade executor. As a result, his orders will not be executed and he can face losses.
Vulnerability Detail
In the JOJO system, only validOrderSender can execute trading. This makes it possible for that sender to censor a specific user. As a result, the user will not be able to trade and control his positions, and he can become liquidatable and face losses.
Impact
User can't trade.
Code Snippet
https://github.com/sherlock-audit/2023-04-jojo/blob/main/smart-contract-EVM/contracts/impl/JOJOExternal.sol#L112-L115
Tool used
Manual Review
Recommendation
Do not have any good advice.