Function: clobCancel(ICLOB clob, ICLOB.CancelArgs args)

This function allows the cancellation of orders identified by the provided args.orderIds array.

Inputs

  • clob

    • Control: Full control.

    • Constraints: No constraints.

    • Impact: The address of the contract on which the cancel function will be called.

  • args

    • Control: Full control.

    • Constraints: The caller should be an owner of the provided args.orderIds.

    • Impact: Contains the orderIds and the settlement type, INSTANT or ACCOUNT. ACCOUNT means that funds will be added to the user's balance in the CLOBManager contract, while INSTANT means that tokens will be transferred directly to the user.

Branches and code coverage

Intended branches

  • Orders have been successfully closed.

Negative behavior

  • The caller is not an owner of the provided args.orderIds.

Function call analysis

  • clob.cancel(msg.sender, args)

    • What is controllable? clob and args.

    • If the return value is controllable, how is it used and how can it go wrong? Return values are not used here.

    • What happens if it reverts, reenters or does other unusual control flow? There is a potential problem because the clob contract address is fully controlled by the caller, so reentrancy is possible here. For more detailed information, refer to the description of Finding 3.5.
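
The risk noted above comes from making an external call to a caller-chosen address. The sketch below is an added example, not GTE's code and not the remediation from the referenced finding: it shows one common way to constrain such a call by checking the target against an allowlist and holding a reentrancy lock. The contract name RouterSketch, the registrar role, the isKnownClob mapping, setClob, and the layout of CancelArgs beyond orderIds are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal interface: only cancel(account, args), orderIds and the
// INSTANT/ACCOUNT settlement types come from the page.
interface ICLOB {
    enum Settlement { INSTANT, ACCOUNT }
    struct CancelArgs {
        uint256[] orderIds;    // element type is an assumption
        Settlement settlement; // field name is an assumption
    }
    function cancel(address account, CancelArgs calldata args) external;
}

contract RouterSketch {
    address public immutable registrar;          // hypothetical: lists trusted markets
    mapping(address => bool) public isKnownClob; // hypothetical allowlist
    uint256 private locked = 1;                  // 1 = unlocked, 2 = entered

    error UnknownClob(address clob);
    error Reentered();
    error NotRegistrar();

    constructor(address registrar_) { registrar = registrar_; }

    // Blocks reentry into any function of this contract that uses the modifier.
    modifier nonReentrant() {
        if (locked == 2) revert Reentered();
        locked = 2;
        _;
        locked = 1;
    }

    function setClob(address clob, bool allowed) external {
        if (msg.sender != registrar) revert NotRegistrar();
        isKnownClob[clob] = allowed;
    }

    // The target is validated before the external call, so control is only
    // handed to contracts the registrar has listed.
    function clobCancel(ICLOB clob, ICLOB.CancelArgs calldata args) external nonReentrant {
        if (!isKnownClob[address(clob)]) revert UnknownClob(address(clob));
        clob.cancel(msg.sender, args);
    }
}
```

The lock only covers functions in this contract that carry the modifier; state held in other contracts that the call path touches needs its own protection.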

Zellic © 2025