Closed Navid-Fkh closed 1 week ago
Please don’t create issues during the escalation period, they won’t be reviewed and rewarded.
The protocol team fixed this issue in the following PRs/commits: https://github.com/SYMM-IO/protocol-core/pull/56
The Lead Senior Watson signed off on the fix.
Summary
The nonce increase in the LockQuote process is unnecessary because there are no actual changes occurring during this process. UPNL remain unchanged, so it is acceptable not to increase the nonce.
Vulnerability Detail
Although increasing the nonce does not cause any economic damage, it can create complications in certain edge cases, such as during the liquidation process. In these scenarios, it is preferable not to increase the nonce of the involved parties unnecessarily.
Impact
The unnecessary nonce increase may complicate the liquidation process for the liquidator. Specifically, it could make it more difficult to liquidate party B, as party B is constantly locking quotes.