search

sherlock-audit / 2023-06-symmetrical-judging

5 stars 4 forks source link

Kose - Forcing is not possible due to high cooldown #343

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Kose

medium

Forcing is not possible due to high cooldown

Summary

When partyB does not respond to partyA's request, only thing that partyA can do is waiting for some cooldown to pass and then forcing actions. Because this cooldown is very high, it is practically not possible to use these functions.

Vulnerability Detail

In order for partyA's to call force function they need to wait some cooldown to pass, for example forceCancelQuote

    function forceCancelQuote(uint256 quoteId) internal {
        AccountStorage.Layout storage accountLayout = AccountStorage.layout();
        MAStorage.Layout storage maLayout = MAStorage.layout();
        Quote storage quote = QuoteStorage.layout().quotes[quoteId];

        require(quote.quoteStatus == QuoteStatus.CANCEL_PENDING, "PartyAFacet: Invalid state");
        require(
            block.timestamp > quote.modifyTimestamp + maLayout.forceCancelCooldown,
            "PartyAFacet: Cooldown not reached"
        );

But this cooldown is in default set to "3000000000000000" seconds, which makes these functions practically impossible to use.

Impact

Protocol's one of main functionality is not usable.

Code Snippet

ControlFacet.sol

        maLayout.forceCancelCooldown = 3000000000000000;
        maLayout.forceCloseCooldown = 3000000000000000;
        maLayout.forceCancelCloseCooldown = 3000000000000000;

Tool used

Manual Review

Recommendation

Reduce the default cooldown to a reasonable value.

Duplicate of #254