Orders are considered valid even after their deadline is reached
Summary
The GladiusReactor contract lacks enforcement of order deadlines, allowing orders to remain valid and potentially executable even after their deadlines are reached.
Vulnerability Detail
In the GladiusReactor contract, while there is validation logic to ensure that an order's deadline is not set before the end time of its decay period, there is no explicit enforcement to invalidate orders once their deadlines are reached. This is evident in the _validateOrder internal function, which validates various order properties but does not include checks to invalidate orders based on expired deadlines. Here's the relevant code snippet:
if (order.info.deadline < order.decayEndTime)
revert DeadlineBeforeEndTime();
While this snippet ensures the order's deadline is not incorrectly set before the end time of its decay period, it does not prevent the execution of orders after their deadlines have passed.
Impact
The lack of enforcement of order deadlines could lead to situations where expired orders are still considered valid and potentially executed. This poses a risk of trades occurring at outdated prices or under undesirable conditions, impacting the integrity and fairness of the decentralized exchange.
Enhance the _validateOrder function to include a check for expired deadlines. If an order's deadline has passed, the function should invalidate the order, preventing its execution.
bigbick123456789000
medium
Orders are considered valid even after their deadline is reached
Summary
The
GladiusReactor
contract lacks enforcement of order deadlines, allowing orders to remain valid and potentially executable even after their deadlines are reached.Vulnerability Detail
In the
GladiusReactor
contract, while there is validation logic to ensure that an order's deadline is not set before the end time of its decay period, there is no explicit enforcement to invalidate orders once their deadlines are reached. This is evident in the_validateOrder
internal function, which validates various order properties but does not include checks to invalidate orders based on expired deadlines. Here's the relevant code snippet:While this snippet ensures the order's deadline is not incorrectly set before the end time of its decay period, it does not prevent the execution of orders after their deadlines have passed.
Impact
The lack of enforcement of order deadlines could lead to situations where expired orders are still considered valid and potentially executed. This poses a risk of trades occurring at outdated prices or under undesirable conditions, impacting the integrity and fairness of the decentralized exchange.
Code Snippet
#L135-L150
Tool used
Manual Review
Recommendation
Enhance the
_validateOrder
function to include a check for expired deadlines. If an order's deadline has passed, the function should invalidate the order, preventing its execution.