Closed sherlock-admin closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Invalid, this is how stop loss orders work, if price reaches lower than price threshold indicated, they should take any minimum price to limit losses from risk of price going even further down.
dimulski
medium
Users that create a limit order can get their long positions closed with a price less than the stop-loss price they specified.
Summary
The FlatMoney protocol allows users to create limit orders where they can specify a stop-loss price as well as profit-take price by calling the announceLimitOrder() function. The problem arises in the _closePosition() function
If the current price is below the priceLowerThreshold specified by the user when he was creating the limit order, the new minFillPrice will be set to 0. When executeClose() function is then called we have the following check
The above check will always go through as the exitPrice can't be less than 0 (the function call will revert otherwise), which means that the limit order can be closed with a price that is below the priceLowerThreshold specified by the user. Thus the user will receive less rETH tokens back. The executeLimitOrder() can be called by anyone, once the min amount of time has passed.
Vulnerability Detail
Summary
Impact
User's long positions can be closed with a price less than the stop-loss price they specified when they created a limit order.
Code Snippet
LimitOrder.sol#L134-L177
Tool used
Manual Review
Recommendation
Consider rewriting this
so it adheres to the lowerThreshold the user has specified when creating the limit order
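
A simplified Python model of the behaviour described in this report, added here as an example; it is not the protocol's Solidity code or the reporter's. The function names, the take-profit branch, the boundary handling and the sample prices are assumptions.

```python
"""Simplified model of the limit-order close path described in the report.
Not FlatMoney's code: names, the take-profit branch and prices are assumed."""
from dataclasses import dataclass


class OrderNotExecutable(Exception):
    """Raised where the on-chain call would revert."""


@dataclass(frozen=True)
class LimitOrder:
    price_lower_threshold: int  # stop-loss price chosen by the user
    price_upper_threshold: int  # profit-take price chosen by the user


def min_fill_price(order, price, floor_at_threshold=False):
    """Pick the minimum acceptable exit price for a triggered order."""
    if price <= order.price_lower_threshold:  # boundary handling assumed
        # Reported behaviour: the stop-loss branch sets the floor to 0.
        # floor_at_threshold=True models the report's recommendation.
        return order.price_lower_threshold if floor_at_threshold else 0
    if price >= order.price_upper_threshold:
        return order.price_upper_threshold  # assumed take-profit branch
    raise OrderNotExecutable("price is between the two thresholds")


def execute_close(exit_price, min_fill):
    """Slippage check: the close goes through only at or above the floor."""
    if exit_price < min_fill:
        raise OrderNotExecutable("exit price below minFillPrice")
    return exit_price


def execute_limit_order(order, price, floor_at_threshold=False):
    """Callable by anyone in this model; returns the fill price."""
    floor = min_fill_price(order, price, floor_at_threshold)
    return execute_close(price, floor)


def try_fill(order, price, floor_at_threshold=False):
    """Return the fill price, or None where the call would revert."""
    try:
        return execute_limit_order(order, price, floor_at_threshold)
    except OrderNotExecutable:
        return None


# Constructed sample order: stop-loss at 1000, profit-take at 2000.
ORDER = LimitOrder(price_lower_threshold=1000, price_upper_threshold=2000)
```

With these constructed prices, `try_fill(ORDER, 900)` fills at 900, below the 1000 stop-loss, while the threshold-floored variant returns `None` and stays unexecuted until the price is back at or above 1000.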