Closed sherlock-admin closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
0xAadi commented:
Invalid:
_injectFees(order)
update the order, as the order utilizes the memory reference of the element within the struct arrayorders
.
Varun_05
high
Fees is not injected properly
Summary
Instead of injecting fees on the correct resolved order the function injects the fees on its copy
Vulnerability Detail
Following is execute functions (it applies to all other execute types)
_prepare function is meant to update resolvedOrders but it updates and injects fees on the copy of resolvedOrders as can be seen from the following highlighted lines
It can be clearly seen that fees is injected on order instead of orders[i] and as order is copy of orders[i] it doesn't modifies orders[i]
Impact
It causes fees to not be paid as the fees is not injected properly,so when _fill(resolvedOrders) is called it would only lead to fulfillment of the output tokens and not the fees.
Code Snippet
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/11cac67919e8a1303b3a3177291b88c0c70bf03b/gladius-contracts-internal/src/reactors/BaseGladiusReactor.sol#L213
Tool used
Manual Review
Recommendation
make the following change