Assessment reports>Avantis>Low findings>Trader contract can bypass max trades per pair
Category: Protocol Risks

Trader contract can bypass max trades per pair

Low Severity
Low Impact
High Likelihood

Description

There is a limit on the number of trades a trader can have open:

require(
    storageT.openTradesCount(msg.sender, t.pairIndex) +
        storageT.pendingMarketOpenCount(msg.sender, t.pairIndex) +
        storageT.openLimitOrdersCount(msg.sender, t.pairIndex) <
        storageT.maxTradesPerPair(),
    "MAX_TRADES_PER_PAIR"
);

However, this limit can be bypassed by operating from multiple trading accounts or by using a contract that splits requested trades across multiple deployed proxies.

Impact

This limit can be bypassed for sophisticated traders.

Recommendations

We recommend removing this limit to equalize the playing field between traders using the front-end and sophisticated traders who deploy contracts to instantiate trades.

Remediation

This issue has been acknowledged by Avantis Labs, Inc., and a fix was implemented in commit ab1962d7.

Zellic © 2025Back to top ↑