Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Avantis>Low findings>Trader contract can bypass max trades per pair
GeneralOverview
Findings
Critical (6)
High (9)
Medium (6)
Low (10)Miscalculation of `totalPrincipalDeposited`Fee charged without market-order placementOne account can register multiple referral codesVault manager cannot access entire junior trancheThe maxRedeem function should comply with ERC-4626Incorrect access control causes update lockoutTrader contract can bypass max trades per pairLimit-order timelock not initialized on openPartial closes emit incorrect valueFunction lacks incorrect-payment sanity checks
Informational (7)
DiscussionReferral code incentives are misalignedVeTranche NFT info should be structNo way to remove user from Trading whitelistPyth price can become negative or erraticTranche has unnecessary `ReentrancyGuard`Checks-effects-interactions pattern brokenTypos
Threat ModelWhat are threat models?Execute.solReferral.solTrading.solTradingStorage.solTranche.solVaultManager.solVeTranche.sol
Audit ResultsSummary
Category: Protocol Risks

Trader contract can bypass max trades per pair

Low Severity
Low Impact
High Likelihood

Description

There is a limit on the number of trades a trader can have open:

require(
    storageT.openTradesCount(msg.sender, t.pairIndex) +
        storageT.pendingMarketOpenCount(msg.sender, t.pairIndex) +
        storageT.openLimitOrdersCount(msg.sender, t.pairIndex) <
        storageT.maxTradesPerPair(),
    "MAX_TRADES_PER_PAIR"
);

However, this limit can be bypassed by operating from multiple trading accounts or by using a contract that splits requested trades across multiple deployed proxies.

Impact

This limit can be bypassed for sophisticated traders.

Recommendations

We recommend removing this limit to equalize the playing field between traders using the front-end and sophisticated traders who deploy contracts to instantiate trades.

Remediation

This issue has been acknowledged by Avantis Labs, Inc., and a fix was implemented in commit ab1962d7.

Zellic © 2025Back to top ↑