Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Alkimiya>Low findings>Lack of check that an order has already been canceled
GeneralOverview
Findings
Critical (3)
High (1)
Medium (2)
Low (1)Lack of check that an order has already been canceled
Informational (2)
DiscussionThe sBountyGracePeriod has no limit
Threat ModelWhat are threat models?BTCFeeIndex.solSilicaPools.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Lack of check that an order has already been canceled

Low Severity
Low Impact
Low Likelihood

Description

The cancelOrders function allows the maker of the current order to close it at any moment. However, this function does not verify if the order has already been canceled.

function cancelOrders(SilicaOrder[] calldata orders) external {
    for (uint256 i = 0; i < orders.length; ++i) {
        SilicaOrder calldata order = orders[i];

        if (order.maker != msg.sender) {
            revert SilicaPools__InvalidCaller(msg.sender, order.maker);
        }

        bytes32 orderHash = hashOrder(order, _domainSeparatorV4());

        sOrderCancelled[orderHash] = true;
        emit SilicaPools__OrderCancelled(orderHash);
    }
}

Impact

The maker of the order can mistakenly close the order again, which leads to wasted gas for an unnecessary transaction.

Recommendations

We recommend adding a check to ensure that the order has not already been canceled.

Remediation

Zellic © 2024Back to top ↑