Closed sherlock-admin2 closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, similar to #13, admin only function, they are trusted to set appropriate parameters. This is purely a sanity check
Dliteofficial
medium
Missing check in FlatcoinVault::setExecutabilityAge() makes the time between executableAtTime and the maxExecutabilityAge short, resulting in more expired orders
Summary
There is a missing check in FlatcoinVault::setExecutabilityAge() which makes it difficult for an order to be executed.
Vulnerability Detail
setExecutabilityAge() is used to set the minimum and maximum order executability age. There is a check which ensures that none of the values provided is 0, but there isn't a check that prevents the minimum from being higher than the maximum. This missing check makes it possible to set the minimum and maximum to 60 seconds and 5 seconds respectively, for example.
Impact
Using the values above, this means that an order can only be executed in a 5-second window, 60 seconds from when the order was announced. With a short order execution window, there'll be more expired orders than executed ones.
Code Snippet
FlatcoinVault::setExecutabilityAge()
DelayedOrder::_prepareAnnouncementOrder()
DelayedOrder::_prepareExecutionOrder()
Tool used
Manual Review
Recommendation
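Added example, not part of the original issue or the project's code: a Python model of the timing parameters described above, showing how the 60 second / 5 second setting passes the zero check and what an ordering check would reject. The names VaultModel, check_order, outcomes and SAMPLE_DELAYS, the default ages, the sample delays and the inclusive window end are all assumptions made for illustration.

```python
from dataclasses import dataclass

class InvalidConfig(ValueError):
    """Raised when the timing parameters are rejected."""

@dataclass
class VaultModel:
    # Hypothetical Python model of the two timing parameters, not the contract.
    min_age: int = 10          # constructed default, seconds
    max_age: int = 60          # constructed default, seconds
    check_order: bool = False  # True adds the check the issue says is missing

    def set_executability_age(self, min_age: int, max_age: int) -> None:
        # Existing check described in the issue: neither value may be 0.
        if min_age == 0 or max_age == 0:
            raise InvalidConfig("zero value")
        # Missing check described in the issue: minimum above maximum.
        if self.check_order and min_age > max_age:
            raise InvalidConfig("minimum exceeds maximum")
        self.min_age, self.max_age = min_age, max_age

    def window(self, announced_at: int) -> tuple[int, int]:
        # Execution opens min_age after the announcement and stays open max_age.
        executable_at = announced_at + self.min_age
        return executable_at, executable_at + self.max_age

    def status(self, announced_at: int, now: int) -> str:
        start, end = self.window(announced_at)
        if now < start:
            return "too_early"
        # Assumption: the end of the window is inclusive.
        return "executable" if now <= end else "expired"

def outcomes(vault: VaultModel, delays: list[int]) -> dict[str, int]:
    # Count how execution attempts made `delay` seconds after announcement end up.
    counts = {"too_early": 0, "executable": 0, "expired": 0}
    for delay in delays:
        counts[vault.status(0, delay)] += 1
    return counts

# Constructed keeper delays in seconds after the announcement.
SAMPLE_DELAYS = [58, 61, 64, 66, 70, 90]

if __name__ == "__main__":
    vault = VaultModel()
    vault.set_executability_age(60, 5)   # accepted: only the zero check runs
    print(vault.window(0), outcomes(vault, SAMPLE_DELAYS))
```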