Description

In OstiumTrading, when a market close times out, the user can call closeTradeMarketTimeout to unregister and reregister the trade:

function closeTradeMarketTimeout(uint256 _order) external notDone {
    address sender = _msgSender();
    // [...]

    (bool success,) = address(this).delegatecall(
        abi.encodeWithSignature('closeTradeMarket(uint16,uint8)',
            trade.pairIndex, trade.index)
    );

    if (!success) {
        emit CouldNotCloseTrade(sender, trade.pairIndex, trade.index);
    }

    emit ChainlinkCallbackTimeout( /* [...] */ );
}

If they do not call this function on a stale order, the order will continue taking up a slot in their pending market orders. Since calling this function unconditionally reissues the market close, it seems like the market close must be reissued if the user wants to clear the slot.

Impact

However, more sophisticated users can always cause the call to fail by giving the contract less gas than it needs. This is easy to do because of the call's proximity to the end of the function.

Recommendations

Either do not reissue the close or add in a parameter so that reissuing the close is optional, so that users do not have to be sophisticated to elect that open.

Remediation

This issue has been acknowledged by Ostium Labs, and a fix was implemented in commit 4be09bc8↗.