sherlock-audit / 2024-05-kwenta-x-perennial-integration-update-judging


pnkjbee2 - Unprotected _cancelOrder function #11

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

pnkjbee2

high

Unprotected _cancelOrder function

Summary

Vulnerability Detail

Impact

The _cancelOrder function can be called by anyone, which may lead to unauthorized cancellation of orders.

Code Snippet

https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L446

Tool used

Manual Review

Recommendation

sherlock-admin3 commented 5 months ago

2 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; it's an internal function.

FSchmoede commented:

Incorrect. It is an internal method called via _invoke which has an authorization check.
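
The pattern the judging comments describe, as an added sketch that is not part of the original issue and is not the MultiInvoker code: an `internal` function has no ABI entry, so it is reachable only through the dispatcher that performs the authorization check. Apart from `_invoke` and `_cancelOrder`, every name here (contract, mappings, errors, `invoke`, `setOperator`) is hypothetical, and the operator model is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch, not the audited contract.
contract InvokerSketch {
    enum Action { PLACE_ORDER, CANCEL_ORDER }
    struct Invocation { Action action; uint256 nonce; }

    // account => operator => approved (assumed authorization model)
    mapping(address => mapping(address => bool)) public operators;
    // account => nonce => order is open
    mapping(address => mapping(uint256 => bool)) public openOrders;

    error NotAuthorized(address caller, address account);
    error NoSuchOrder(address account, uint256 nonce);

    function setOperator(address operator, bool approved) external {
        operators[msg.sender][operator] = approved;
    }

    /// The only externally callable path to order handling.
    function invoke(address account, Invocation[] calldata invocations) external {
        _invoke(account, invocations);
    }

    /// Authorization is enforced once here, before any action is dispatched.
    function _invoke(address account, Invocation[] calldata invocations) internal {
        if (msg.sender != account && !operators[account][msg.sender])
            revert NotAuthorized(msg.sender, account);
        for (uint256 i = 0; i < invocations.length; i++) {
            Invocation calldata inv = invocations[i];
            if (inv.action == Action.PLACE_ORDER) openOrders[account][inv.nonce] = true;
            else _cancelOrder(account, inv.nonce);
        }
    }

    /// `internal`: absent from the ABI, so no transaction or external contract
    /// can target it; it only runs for an `account` that `_invoke` has vetted.
    function _cancelOrder(address account, uint256 nonce) internal {
        if (!openOrders[account][nonce]) revert NoSuchOrder(account, nonce);
        delete openOrders[account][nonce];
    }
}
```

When triaging a report like this one, the check is therefore on the call sites of the internal function: every caller must sit behind an authorization check, since the function itself cannot be invoked from outside the contract.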