Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Orderly Network>High findings>Large withdrawal may be blocked
GeneralOverview
Findings
Critical (1)
High (4)Large withdrawal may be blockedNo health checksFunction inputs need validationDefault blocking behavior on LZ
Medium (3)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.solLedger.solLedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.solVaultManager.sol
Audit ResultsSummary
Category: Business Logic

Large withdrawal may be blocked

High Severity
High Impact
Medium Likelihood

Description

Withdrawals work in a cross-chain manner. The user sends a withdrawal request via the off-chain architecture, which is then processed by the OperatorManager and forwarded to the Ledger. The Ledger then freezes the user balance on the sending side of the chain and forwards a cross-chain message on to the destination chain where the withdrawal is finalized via the Vault contract.

As of right now, there is no accounting on which chain the user originally deposited the funds from, and this can lead to a situation where the user is unable to withdraw their funds on the desired, initial deposit chain.

Imagine we have users A, B, and C and chains 1, 2, and 3.

  1. User A deposits 1,000 ETH on Chain 1, User B deposits 100 ETH on Chain 2, and User C deposits 100 ETH on Chain 3.

  2. User B withdraws 100 ETH on Chain 1, and User C withdraws 100 ETH on Chain 1. There is now only 800 ETH left in the Vault contract on Chain 1.

  3. User A tries to withdraw 1,000 ETH on Chain 1, their original chain, but the withdrawal is blocked because the Vault contract on Chain 1 does not possess enough funds to cover the withdrawal, as User B and User C have already withdrawn their funds on Chain 1, rather than on their original chain.

  4. User A is forced to split their withdrawal across multiple chains or wait for the Vault contract to be replenished with funds from other users.

Impact

The aforementioned scenario can lead to a situation where a user is unable to withdraw their funds on the desired chain, potentially leading to loss of funds as the user would need to perform additional transactions to withdraw their funds on the desired chain, incurring further risks from the third-party protocol they are using to perform the cross-chain swap.

Recommendations

We recommend that the OperatorManager contract keeps track of which chain the user originally deposited their funds from and only allow withdrawals to be processed on that particular chain. This would require a change to the Ledger contract to allow the OperatorManager to specify the chain on which the withdrawal should be processed and keep track of the original chain the user deposited their funds from.

Remediation

Orderly Network has acknowledged this behavior and have plans to remediate this in the future. Their official response is paraphrased below:

We are currently working on Rebalance with CCTP (Cross-Chain Transfer Protocol, by Circle) to address this issue. The current token is only USDC, and CCTP is Circle's official cross-chain swap solution, ensuring safety.

Zellic © 2024Back to top ↑