Order could be executed after the end of the pool's duration
Description
The function fillOrder in the SilicaPools contract does not check if the pool is still open before executing the order. This oversight could allow a user to execute an order after the pool's duration has ended.
If an order's expiry is greater than the end of the pool's duration, the order could be executed after the end of the pool's duration. This could allow a user to fill an order after the end of the pool's duration.
function fillOrder(SilicaOrder calldata order, bytes calldata signature, uint256 fraction) public nonReentrant {
bytes32 orderHash = hashOrder(order, _domainSeparatorV4());
// Order validation
if (sFilledFraction[orderHash] + fraction > 1e18) {
revert SilicaPools__OrderAlreadyFilled(orderHash);
}
if (sOrderCancelled[orderHash] == true) {
revert SilicaPools__OrderIsCancelled(orderHash);
}
if (ECDSA.recover(orderHash, signature) != order.maker) {
revert SilicaPools__InvalidSignature(signature);
}
if (order.taker != address(0) && order.taker != msg.sender) {
revert SilicaPools__InvalidCaller(msg.sender, order.taker);
}
if (order.expiry < block.timestamp) {
revert SilicaPools__OrderExpired(order.expiry, block.timestamp);
}
// ...Impact
A user could fill open orders that are not yet expired and are in a profitable position but after the end of the pool's duration.
Recommendations
We recommend implementing checks to ensure that the order is not executed after the end of the pool's duration.
Remediation
This issue has been acknowledged by Alkimiya, and a fix was implemented in commit e0670cb5↗.