Description

In Trading, the limitOrdersTimelock parameter is intended to prevent changing the take-profit or stop-loss parameters of a trade too often after they were last changed. This is tracked by the TradeInfo.tpLastUpdated and TradeInfo.slLastUpdated struct fields, respectively.

However, when this struct is initialized during the creation of a trade in _registerTrade, these fields, the second and third ones in the constructor, are set to zero:

ITradingStorage.TradeInfo(
    _trade.initialPosToken.mul(_trade.leverage),
    0,
    0,
    false,
    pairInfos.lossProtectionTier(_trade)
)

Impact

After a limit order is created, the first SL and TP updates can happen at any time, even before the timelock period has elapsed.

Recommendations

Instead of initializing them to zero, initialize them to block.number.

Remediation

This issue has been acknowledged by Avantis Labs, Inc., and a fix was implemented in commit 5dca8a6d↗.