
Function: cancel(address account, CancelArgs args)

This function allows the account to cancel multiple orders. It can be called by the account itself or an operator authorized for this account.

Inputs

  • account

    • Control: Full control.

    • Constraints: Must be msg.sender itself, or msg.sender must be an approved operator for the account; the account must also be the owner of the order.

    • Impact: The owner of the order being canceled.

  • args

    • Control: Full control.

    • Constraints: All orders from orderIds should belong to the account.

    • Impact: Contains orderIds array and settlement.

Branches and code coverage

Intended branches

  • The provided orderId has already been canceled, but it is ignored.

  • The totalQuoteTokenRefunded equals the expected amount.

  • The totalBaseTokenRefunded equals the expected amount.

  • The orderIds have been successfully deleted from the book.

  • The settlement is ACCOUNT, and account has been credited.

  • The settlement is INSTANT, and tokens have been transferred directly to the account address.

Negative behavior

  • The caller is neither the account nor an operator of the account.

  • The orderIds array contains an order with a different owner than the given account.

Function call analysis

  • this._executeCancel(ds, account, args) -> BookLib.getQuoteTokenAmount(ds, order.price, order.amount)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the quote-token amount calculated using the provided order.price and order.amount. The result can be rounded down to zero if order.amount * order.price is less than config.baseSize.

    • What happens if it reverts, reenters or does other unusual control flow? Can revert as a result of overflow during the order.amount * order.price calculation if order.price or matchData.order.amount is too large.

  • this._executeCancel(ds, account, args) -> BookLib.removeOrderFromBook(ds, order)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? The metadata.quoteTokenOpenInterest and metadata.baseTokenOpenInterest will be decremented, depending on the side of the order, and order.id will be deleted from the orders list. The bidTree and askTree will also be updated, along with orders.nextOrderId and orders.prevOrderId.

  • factory.creditAccount(account, quoteToken, totalQuoteTokenRefunded)

    • What is controllable? account.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? This function increases the internal account balance by the specified totalQuoteTokenRefunded amount. However, there is no verification that the actual factory balance is sufficient to replenish the account for this amount.

  • factory.pushToAccount(account, quoteToken, totalQuoteTokenRefunded)

    • What is controllable? account.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? Directly transfers the totalQuoteTokenRefunded amount of the quoteToken to the provided account address; it reverts if the factory does not own enough tokens.

  • factory.creditAccount(account, baseToken, totalBaseTokenRefunded)

    • What is controllable? account.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? This function increases the internal account balance by the specified totalBaseTokenRefunded amount. However, there is no verification that the actual factory balance is sufficient to replenish the account for this amount.

  • factory.pushToAccount(account, baseToken, totalBaseTokenRefunded)

    • What is controllable? account.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? Directly transfers the totalBaseTokenRefunded amount of the baseToken to the provided account address; it reverts if the factory does not own enough tokens.
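
The rounding, overflow, and settlement notes in the function call analysis above, as an added Python model for writing test cases (not code from the audited contracts or from this report). The names quote_amount, Factory, and cancel_bids, the "QUOTE" token label, the floor(price * amount / base_size) formula, and the assumption that canceling a bid refunds quote tokens are all inferred from the descriptions above, not taken from the code base.

```python
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Models an EVM revert."""

def quote_amount(price, amount, base_size):
    """floor(price * amount / base_size) with checked uint256 multiplication (assumed formula)."""
    product = price * amount
    if product > UINT256_MAX:
        raise Revert("overflow in order.amount * order.price")
    return product // base_size  # rounds down to 0 when product < base_size

class Factory:
    """Hypothetical stand-in: tokens actually held vs. internal account credits."""
    def __init__(self, held):
        self.held = dict(held)   # token -> amount the factory really owns
        self.credited = {}       # (account, token) -> internal balance

    def credit_account(self, account, token, amount):
        # Mirrors the analysis: no check against self.held before crediting.
        key = (account, token)
        self.credited[key] = self.credited.get(key, 0) + amount

    def push_to_account(self, account, token, amount):
        if self.held.get(token, 0) < amount:
            raise Revert("factory does not own enough tokens")
        self.held[token] -= amount

    def unbacked(self, token):
        """Amount by which internal credits exceed real holdings (0 if solvent)."""
        total = sum(v for (_, t), v in self.credited.items() if t == token)
        return max(0, total - self.held.get(token, 0))

def cancel_bids(factory, account, orders, base_size, settlement):
    """Refund quote tokens for bid orders given as (owner, price, amount) tuples."""
    total = 0
    for owner, price, amount in orders:
        if owner != account:
            raise Revert("order not owned by account")
        total += quote_amount(price, amount, base_size)
    if settlement == "ACCOUNT":
        factory.credit_account(account, "QUOTE", total)
    else:  # "INSTANT"
        factory.push_to_account(account, "QUOTE", total)
    return total
```

Checking unbacked(token) == 0 after every ACCOUNT settlement gives a solvency invariant for fuzzing, since that path cannot revert on an insufficient factory balance the way the INSTANT path does.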

Zellic © 2025