Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, admin only function, they are trusted to set appropriate executability age parameters, this is purely a sanity check
0xrobsol
medium
Ensuring Logical Order of Executability Age in Trade Execution Timers
Summary
In the function setExecutabilityAge, there is a potential issue where the logical relationship between the minimum and maximum time delayed executability is not validated, which could lead to inconsistencies in trade execution timing requirements.
Vulnerability Detail
The function is designed to set the bounds for how soon (_minExecutabilityAge) and how late (_maxExecutabilityAge) a trade can be executed after its announcement. The absence of a check to ensure that _minExecutabilityAge is less than _maxExecutabilityAge introduces a risk where the minimum time could be inadvertently set higher than the maximum time, leading to a logical contradiction in trade execution policies.
Impact
If _minExecutabilityAge is allowed to be equal to or greater than _maxExecutabilityAge, it could prevent the execution of trades within the intended time frame, or worse, it could block trade execution altogether. This oversight could disrupt the intended flow of trade execution, potentially affecting the liquidity and operational efficiency of the platform.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L419
Tool used
Manual Review
Recommendation
To mitigate this issue, it is recommended to introduce an additional validation step within the setExecutabilityAge function to ensure that _minExecutabilityAge is strictly less than _maxExecutabilityAge. This can be implemented as follows: