Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ostium>Threat Model>cancelOpenLimitOrder
GeneralOverview
Findings
Critical (2)
High (3)
Medium (6)
Low (6)
Informational (2)
DiscussionRemoval of trading pairs is not supportedIncorrect last updated block number for TP and SLTradeUtils used as a library for address
Threat ModelWhat are threat models?Delegatable.solOstiumOpenPnl.sol
OstiumTrading.solcancelOpenLimitOrdercloseTradeMarketcloseTradeMarketTimeoutopenTradeopenTradeMarketTimeouttopUpCollateralupdateOpenLimitOrderupdateSlupdateTp
OstiumVault.sol
Audit ResultsSummary

Function: cancelOpenLimitOrder(uint16 pairIndex, uint8 index)

Cancels an open limit order.

Inputs

  • pairIndex

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The index of the trading pair.

  • index

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The index of the order.

Branches and code coverage

Intended branches

  • Unregisters the open limit order.

  • Transfers the USDC to the trader.

Negative behavior

  • Revert if there is no such limit order.

  • Revert if there is a pending trigger.

Function call analysis

  • this.registry.getContractAddress("tradingStorage")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the TradingStorage contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.hasOpenLimitOrder(sender, pairIndex, index)

    • What is controllable? sender, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Returns true if there is such open limit order.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.checkNoPendingTrigger(storageT, sender, pairIndex, index, LimitOrder.OPEN) -> storageT.orderTriggerBlock(trader, pairIndex, index, orderType)

    • What is controllable? trader, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the order trigger block for that orderType.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.getOpenLimitOrder(sender, pairIndex, index)

    • What is controllable? sender, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the open limit order.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.unregisterOpenLimitOrder(sender, pairIndex, index)

    • What is controllable? sender, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Unregisters the open limit order.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.transferUsdc(address(storageT), sender, o.collateral)

    • What is controllable? sender.

    • If the return value is controllable, how is it used and how can it go wrong? Transfers USDC from the storage to the sender.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

Zellic © 2024Back to top ↑