GladiusReactor allows no decay on orders.

Summary

Missing check in _validateOrder function in GladiusReactor contract allows orders with identical decayStartTime and decayEndTime , causing potential issues for users and the protocol itself.

Vulnerability Detail

When GladiusReactor resolves a signed order, it validates orders via the _validateOrder function.

_validateOrder function has implemented in GladiusReactor contract as follows:


            function _validateOrder(GladiusOrder memory order) internal pure {
            ...
            ...

            if (order.decayEndTime < order.decayStartTime) 
            revert OrderEndTimeBeforeStartTime();

            ...
            ...
            ... }

However, _validateOrder function currently lacks implementation for checking whether decayStartTime is equal todecayEndTime or not. decayStartTime can not be equal todecayEndTime because it causes creating orders that never decays.

Impact

The resolve function is responsible for processing and executing signed orders on the GladiusReactor contract. The vulnerability lies in the fact that when resolve function calls _validateOrder function to validate order , it does not properly validate the decayStartTime and decayEndTime parameters of an order. This means that an attacker could potentially create an order with a decayStartTime that is equal to decayEndTime. Such an order would never decay, and the attacker could use it to exploit the protocol or cause financial losses for other users or the protocol itself.

Code Snippet

https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/reactors/GladiusReactor.sol#L129-L150

Tool used

Manual Review

Recommendation

add following line on GladiusReactor L141


-        if (order.decayEndTime < order.decayStartTime)
+        if (order.decayEndTime <= order.decayStartTime)

sherlock-audit / 2024-02-rubicon-finance-judging

taner2344 - GladiusReactor allows no decay on orders. #57