Description

book::can_bid_be_matched and book::can_ask_be_matched check if an order can be filled using an order book. It intends to add up the remaining sizes on the orders in the order book that can match the bid/ask. However, instead of adding up the remaining sizes of these orders, it adds up the full sizes of these orders, as shown in the example below.

let bid_size = (order::get_size(bid) as u128);

This is problematic because some orders may have been partially fulfilled. In some instances the checker functions would count these partially fulfilled orders at their full values. But when the DEX tries to match these orders, it may fill the orders less than book::can_bid_be_matched/book::can_ask_be_matched indicated the order could be filled.

Impact

book::can_bid_be_matched and book::can_ask_be_matched may indicate that an order can be fully matched when it is not fully matchable. This would cause the following line in book::place_bid_limit_order/book::place_ask_limit_order to revert:

assert!(order::get_remaining_size(&order) == 0, ENO_MESSAGE);

Recommendations

Change the order::get_size call to order::get_remaining_size

Remediation

Laminar acknowledged this finding and implemented a fix in commit 0a71↗.