Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Avantis>Informational findings>Incorrect ternary operator precedence in limit-open-order callback
GeneralOverview
Findings
Critical (6)
High (9)
Medium (6)
Low (10)
Informational (7)Timestamp updated in memory instead of storageWithdraw to different receiver imbalances statsTranche name hardcodes junior symbolFunction does not need `totalLockPoints`Incorrect ternary operator precedenceUnused vault-fee parameter must be zeroExecute trigger check never fails due to atomicity
DiscussionReferral code incentives are misalignedVeTranche NFT info should be structNo way to remove user from Trading whitelistPyth price can become negative or erraticTranche has unnecessary `ReentrancyGuard`Checks-effects-interactions pattern brokenTypos
Threat ModelWhat are threat models?Execute.solReferral.solTrading.solTradingStorage.solTranche.solVaultManager.solVeTranche.sol
Audit ResultsSummary
Category: Coding Mistakes

Incorrect ternary operator precedence in limit-open-order callback

Informational Severity
Informational Impact
N/A Likelihood

Description

In executeLimitOpenOrderCallback, there is a conditional that determines if the trade succeeds:

if (
    t == IExecute.OpenLimitOrderType.MARKET
        ? (a.price >= o.minPrice && a.price <= o.maxPrice)
        : (
            t == IExecute.OpenLimitOrderType.REVERSAL
                ? (o.buy ? a.price >= o.maxPrice : a.price <= o.minPrice)
                : (o.buy ? a.price <= o.maxPrice : a.price >= o.minPrice)
        ) && _withinExposureLimits(o.trader, o.pairIndex,
            o.positionSize.mul(o.leverage))
) {
    ITradingStorage.Trade memory finalTrade = _registerTrade(
    //...

The _withinExposureLimits check should happen for all order types; however, if t is MARKET, then it is not executed because the ternary operator ?: has lower precedence than the &&.

Impact

There is no impact currently because the first branch of the ternary is never executed — this is the limit order callback, so t is never a market order.

Recommendations

Since t is not ever a market order in this callback, we recommend removing the ternary to prevent this code from being reused in an exploitable way.

Remediation

This issue has been acknowledged by Avantis Labs, Inc., and fixes were implemented in the following commits:

Zellic © 2025Back to top ↑