Closed sherlock-admin2 closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, keepers are permisionless, users announcing orders can simply be keepers themselves executing orders, so this doesn't apply.
the-first-elder
high
Keepers can select transactions based on keeper fee
Summary
Keepers have the capability to prioritize transactions according to the keeper fee associated with them, often favoring transactions with higher keeper fees.
Vulnerability Detail
This preference for higher keeper fees can result in an accumulation of slow and pending transactions within the protocol.
Impact
Consequently, users who have placed limit or leverage orders may experience situations where their transactions remain unfulfilled due to prolonged processing times. This delay may compel users to cancel their transactions as they reach the maximum allowable transaction duration, potentially resulting in missed profit opportunities for the users and the protocol.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L67
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L109
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L160
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L217
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L317
Tool used
Manual Review
Recommendation
Keeper fee should be a constant to mitigate the aforementioned vulnerabilities and ensure fair and efficient transaction processing within the protocol.