Incomplete Struct Definition in PERMIT2_ORDER_TYPE
Summary
The PERMIT2_ORDER_TYPE struct definition in the Solidity code lacks a complete representation of the Gladius order type, potentially leading to inaccuracies in hashing and unexpected behaviour.
Vulnerability Detail
The PERMIT2_ORDER_TYPE struct is intended to represent the type of a permit order, including various sub-structs such as the witness, Gladius order, Dutch order outputs, order info, and token permissions. However, the definition of PERMIT2_ORDER_TYPE does not include a complete representation of the Gladius order type. Instead, it only includes the GLADIUS_ORDER_TYPE, which represents the Gladius order itself but omits its dependencies defined in the ORDER_TYPE.
Here is the code snippet representing the incomplete definition of PERMIT2_ORDER_TYPE:
string internal constant PERMIT2_ORDER_TYPE =
string(
abi.encodePacked(
"GladiusOrder witness)",
DutchOrderLib.DUTCH_OUTPUT_TYPE,
GLADIUS_ORDER_TYPE, // Incomplete definition of Gladius order type
OrderInfoLib.ORDER_INFO_TYPE,
DutchOrderLib.TOKEN_PERMISSIONS_TYPE
)
);
Impact
The incomplete struct definition in PERMIT2_ORDER_TYPE can lead to inaccuracies in hashing and potentially unexpected behaviour in the handling of permit orders. Without including all necessary sub-struct types, the hashing of permit orders may not accurately represent their complete structure, leading to inconsistencies or errors in contract execution.
The PERMIT2_ORDER_TYPE definition should include the complete Gladius order type along with its dependencies. Specifically, the ORDER_TYPE, which encompasses the Gladius order along with its dependencies, should be included in the definition of PERMIT2_ORDER_TYPE.
bigbick123456789000
medium
Incomplete Struct Definition in PERMIT2_ORDER_TYPE
Summary
The
PERMIT2_ORDER_TYPE
struct definition in the Solidity code lacks a complete representation of the Gladius order type, potentially leading to inaccuracies in hashing and unexpected behaviour.Vulnerability Detail
The
PERMIT2_ORDER_TYPE
struct is intended to represent the type of a permit order, including various sub-structs such as the witness, Gladius order, Dutch order outputs, order info, and token permissions. However, the definition ofPERMIT2_ORDER_TYPE
does not include a complete representation of the Gladius order type. Instead, it only includes theGLADIUS_ORDER_TYPE
, which represents the Gladius order itself but omits its dependencies defined in theORDER_TYPE
. Here is the code snippet representing the incomplete definition ofPERMIT2_ORDER_TYPE
:Impact
The incomplete struct definition in
PERMIT2_ORDER_TYPE
can lead to inaccuracies in hashing and potentially unexpected behaviour in the handling of permit orders. Without including all necessary sub-struct types, the hashing of permit orders may not accurately represent their complete structure, leading to inconsistencies or errors in contract execution.Code Snippet
#L69-L78
Tool used
Manual Review
Recommendation
The
PERMIT2_ORDER_TYPE
definition should include the complete Gladius order type along with its dependencies. Specifically, theORDER_TYPE
, which encompasses the Gladius order along with its dependencies, should be included in the definition ofPERMIT2_ORDER_TYPE
.