Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Orderly Network>Threat Model>executeProcessValidatedFutures
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.sol
Ledger.solaccountDepositaccountWithDrawFinishexecuteAdlexecuteLiquidationexecuteProcessValidatedFuturesexecuteSettlementexecuteWithdrawActionsetCrossChainManagersetFeeManagersetMarketManagersetOperatorManagerAddresssetVaultManager
LedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.solVaultManager.sol
Audit ResultsSummary

Function: executeProcessValidatedFutures(PerpTypes.FuturesTradeUpload trade)

The function processes perp trade, which is provided by the OperatorManager contract.

struct FuturesTradeUpload { bytes32 accountId; - The ID of the trader. There is no check that the account was registered. bytes32 symbolHash; - It is validated that it is allowed. bytes32 feeAssetHash; - It is not used. int128 tradeQty; - The `perpPosition.positionQty` is updated by `tradeQty`. int128 notional; - The `costPosition` is updated by `notional`. uint128 executedPrice; uint128 fee; - Added to the `costPosition`. The `feeCollectorPosition.costPosition` is decreased by `fee`. int128 sumUnitaryFundings; uint64 tradeId; - If `feeCollectorAccount.lastPerpTradeId` is less than `tradeId`, it will be set to the `tradeId`. uint64 matchId; - It is not used. uint64 timestamp; - It is used just to update `_perpMarketCfg[symbolHash].lastFundingUpdated`. bool side; - It is not used. }

Branches and code coverage

Negative behavior

  • accountId has not enough liquidity to open position.

  • The existing position is updated by the position with opposite side.

  • symbolHash is not allowed.

Function call analysis

  • vaultManager.getAllowedSymbol(trade.symbolHash)

    • External/Internal? External.

    • Argument control? trade.symbolHash is controlled by operator.

    • Impact: Return true if symbolHash is allowed.

  • _feeSwapPosition(perpPosition, trade.symbolHash, trade.fee, trade.tradeId, trade.sumUnitaryFundings)

    • External/Internal? External.

    • Argument control? All arguments are controlled by operator.

    • Impact: Update the traderPosition.costPosition by fee.

  • _feeSwapPosition(perpPosition, trade.symbolHash, trade.fee, trade.tradeId, trade.sumUnitaryFundings) -> _perpFeeCollectorDeposit(symbol, feeAmount, tradeId, sumUnitaryFundings)

    • External/Internal? External.

    • Argument control? All arguments are controlled by operator.

    • Impact: Update the feeCollectorAccountId position; decrease the costPosition by fee and set lastSumUnitaryFundings to sumUnitaryFundings.

Zellic © 2025Back to top ↑