Description

The nonce of the execute_deposit function is shadowed. However, this will eventually be set to the appropriate nonce value, so there are no program flow issues.

// echelon_executor/executor.move
public entry fun execute_deposit(
    nonce: u256, 
    market_hash: address, 
    market_obj: Object<Market>
) acquires ExecutorController, SmartSigner {
    // [...]
    let nonce = borrow_global<ExecutorController>(package::package_address()).last_nonce + 1;
    // [...]
}

In addition, the nonce checks are different between meridian_executor and echelon_executor. However, this gives the same result, so there are no program flow issues.

// meridian_executor/executor.move
public entry fun execute_deposit(
    nonce: u256,
    market_hash: address, 
    pool_obj: Object<Pool>
) acquires ExecutorController, SmartSigner {
    // [...]
    assert!(
    borrow_global<ExecutorController>(package::package_address()).last_nonce + 1 == nonce, ERR_MERIDIAN_EXECUTOR_INVALID_NONCE
        );
    // [...]
}

Impact

Currently, this structure makes it difficult for future nonce-related changes to be processed in batches, which can be unmanageable and cause changes to be missed. This means that if the nonce-related structure changes in the future, the contract may not work properly due to inconsistent nonce handling.

Recommendations

It is recommended to avoid shadowing and make the nonce checks consistent between the two contracts.

Remediation

This issue has been acknowledged by Echelon, and a fix was implemented in commit 3389f079↗.