Assessment reportsPublic findings
Back to Zellic site
Assessment reports>GTE -- Perp>Threat Model>postLimitOrder
GeneralOverview
Findings
Critical (1)
High (4)
Medium (4)
Low (3)
Informational (6)
DiscussionLimited test suiteThe setIndexPrice() update frequency
Threat ModelWhat are threat models?CollateralManager.solGTL.solPerpCLOB.sol
PerpManager.sol_executeFillOrderbackstopLiquidatecanceldepositpostFillCloseOrderpostFillOrderpostLimitOrderwithdraw
Position.sol
Audit ResultsAssessment Results

Function: postLimitOrder(byte[32] asset, address account, PostLimitOrderArgs args)

This function allows a user to create a new limit order to either buy (bid) or sell (ask). Unlike a market fill order, the limit order is placed into the order book and remains there until it is matched and filled, canceled by the owner, or expires or becomes unfillable.

Inputs

  • asset

    • Control: Full control.

    • Constraints: Market should exist.

    • Impact: Determines which asset market the new limit order applies to.

  • account

    • Control: Full control.

    • Constraints: The caller should be the account itself or an approved operator.

    • Impact: Position, margin, and balance updates are applied to this account. Collateral will be provided by the account.

  • args.amountInBase

    • Control: Full control.

    • Constraints: Must be greater than zero and more than minLimitOrderAmountInBase.

    • Impact: The order amount.

  • args.price

    • Control: Full control.

    • Constraints: Must be greater than zero — price % tickSize == 0.

    • Impact: Defines the worst price the user is willing to accept for the trade.

  • args.cancelTimestamp

    • Control: Full control.

    • Constraints: Should be zero or more than the block.timestamp.

    • Impact: The expire time of the order.

  • args.side

    • Control: Full control.

    • Constraints: BUY and SELL.

    • Impact: The buy (bid) or sell (ask) order.

  • args.limitOrderType

    • Control: Full control.

    • Constraints: GOOD_TILL_CANCELLED and POST_ONLY.

    • Impact: If POST_ONLY and BUY, the current BestAsk should be more than args.price. If POST_ONLY and SELL, the current BestBid should be less than args.price.

  • args.subaccount

    • Control: Full control.

    • Constraints: N/A.

    • Impact: Determines which subaccount to apply the trade to.

  • args.leverage

    • Control: Full control.

    • Constraints: (1e18 * 1e18) / leverage should be less than settings.initMarginReq.

    • Impact: Controls how much borrowed funds are used — affects margin and liquidation risk.

  • args.reduceOnly

    • Control: Full control.

    • Constraints: Only for the existing position.

    • Impact: Order to reduce the current account position.

  • args.settlement

    • Control: Full control.

    • Constraints: Must be a valid settlement type (INSTANT, ACCOUNT). For settlement INSTANT, directly transfers from the account, or for ACCOUNT, gets funds from the protocol balance of the account.

    • Impact: Defines how the collateral funds will be provided.

Branches and code coverage

Intended branches

  • Successfully posts a valid BUY limit order.

  • Successfully posts a valid SELL limit order.

  • Reserves the correct collateral amount based on amount and leverage.

  • The order is correctly added to the order book.

  • For large amountInBase and low leverage, the collateral amount is correct.

  • For large amountInBase and high leverage, the collateral amount is correct.

  • A user posts many orders, and the order limit is enforced.

  • The order with extreme price.

Negative behavior

  • amountInBase == 0.

  • price == 0.

  • Reverts if INSTANT and margin exceed user's available balance.

  • Reverts if ACCOUNT and margin exceed user's available tokens for transferring.

Zellic © 2025Back to top ↑