bigbick123456789000 - Orders are considered valid even after their deadline is reached

[sherlock-admin]

bigbick123456789000

medium

Orders are considered valid even after their deadline is reached

Summary

The GladiusReactor contract lacks enforcement of order deadlines, allowing orders to remain valid and potentially executable even after their deadlines are reached.

Vulnerability Detail

In the GladiusReactor contract, while there is validation logic to ensure that an order's deadline is not set before the end time of its decay period, there is no explicit enforcement to invalidate orders once their deadlines are reached. This is evident in the _validateOrder internal function, which validates various order properties but does not include checks to invalidate orders based on expired deadlines. Here's the relevant code snippet:

if (order.info.deadline < order.decayEndTime)
    revert DeadlineBeforeEndTime();

While this snippet ensures the order's deadline is not incorrectly set before the end time of its decay period, it does not prevent the execution of orders after their deadlines have passed.

Impact

The lack of enforcement of order deadlines could lead to situations where expired orders are still considered valid and potentially executed. This poses a risk of trades occurring at outdated prices or under undesirable conditions, impacting the integrity and fairness of the decentralized exchange.

Code Snippet

#L135-L150

Tool used

Manual Review

Recommendation

Enhance the _validateOrder function to include a check for expired deadlines. If an order's deadline has passed, the function should invalidate the order, preventing its execution.

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

0xAadi commented:

Invalid: Invalid statement