Incomplete Struct Definition in PERMIT2_ORDER_TYPE

Summary

The PERMIT2_ORDER_TYPE struct definition in the Solidity code lacks a complete representation of the Gladius order type, potentially leading to inaccuracies in hashing and unexpected behaviour.

Vulnerability Detail

The PERMIT2_ORDER_TYPE struct is intended to represent the type of a permit order, including various sub-structs such as the witness, Gladius order, Dutch order outputs, order info, and token permissions. However, the definition of PERMIT2_ORDER_TYPE does not include a complete representation of the Gladius order type. Instead, it only includes the GLADIUS_ORDER_TYPE, which represents the Gladius order itself but omits its dependencies defined in the ORDER_TYPE. Here is the code snippet representing the incomplete definition of PERMIT2_ORDER_TYPE:

string internal constant PERMIT2_ORDER_TYPE =
    string(
        abi.encodePacked(
            "GladiusOrder witness)",
            DutchOrderLib.DUTCH_OUTPUT_TYPE,
            GLADIUS_ORDER_TYPE, // Incomplete definition of Gladius order type
            OrderInfoLib.ORDER_INFO_TYPE,
            DutchOrderLib.TOKEN_PERMISSIONS_TYPE
        )
    );

Impact

The incomplete struct definition in PERMIT2_ORDER_TYPE can lead to inaccuracies in hashing and potentially unexpected behaviour in the handling of permit orders. Without including all necessary sub-struct types, the hashing of permit orders may not accurately represent their complete structure, leading to inconsistencies or errors in contract execution.

Code Snippet

#L69-L78

Tool used

Manual Review

Recommendation

The PERMIT2_ORDER_TYPE definition should include the complete Gladius order type along with its dependencies. Specifically, the ORDER_TYPE, which encompasses the Gladius order along with its dependencies, should be included in the definition of PERMIT2_ORDER_TYPE.

sherlock-audit / 2024-02-rubicon-finance-judging

bigbick123456789000 - Incomplete Struct Definition in PERMIT2_ORDER_TYPE #54