Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ostium>Threat Model>openTrade
GeneralOverview
Findings
Critical (2)
High (3)
Medium (6)
Low (6)
Informational (2)
DiscussionRemoval of trading pairs is not supportedIncorrect last updated block number for TP and SLTradeUtils used as a library for address
Threat ModelWhat are threat models?Delegatable.solOstiumOpenPnl.sol
OstiumTrading.solcancelOpenLimitOrdercloseTradeMarketcloseTradeMarketTimeoutopenTradeopenTradeMarketTimeouttopUpCollateralupdateOpenLimitOrderupdateSlupdateTp
OstiumVault.sol
Audit ResultsSummary

Function: openTrade(IOstiumTradingStorage.Trade t, IOstiumTradingStorage.OpenOrderType orderType, uint256 slippageP)

The function opens a new market/limit trade.

Inputs

  • t

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The details of the trade to open.

  • orderType

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: Market or limit or stop-limit type of trade.

  • slippageP

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The slippage percentage.

Branches and code coverage

Intended branches

  • If the order type is MARKET, store the pending market order.

  • If the order type is LIMIT, store the open limit order.

  • If TP and SL are provided, check if they are in correct range.

Negative behavior

  • Revert if the open trades count plus the pending market open count plus the open limit-orders count is greater than or equal to the max trades per pair.

  • Revert if leverage is not in the correct range.

  • Revert if the position size multiplied by leverage is less than the minimum leverage position.

  • Revert if collateral is above the max allowed value.

Function call analysis

  • this.registry.getContractAddress("pairsStorage")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the pairsStorage contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.registry.getContractAddress("tradingStorage")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the TradingStorage contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.openTradesCount(sender, t.pairIndex)

    • What is controllable? sender and t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the count of open trades for the user and trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.pendingMarketOpenCount(sender, t.pairIndex)

    • What is controllable? sender and t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the count of pending market orders for the user and trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.openLimitOrdersCount(sender, t.pairIndex)

    • What is controllable? sender and t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the count of open limit orders for the user and trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.maxTradesPerPair()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the max amount of trades per pair.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.pendingOrderIdsCount(sender)

    • What is controllable? sender.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the count of pending orders for the user.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.maxPendingMarketOrders()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the max pending market orders.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • pairsStored.pairMinLeverage(t.pairIndex)

    • What is controllable? t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Retrieves the minimum leverage for the trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • pairsStored.pairMaxLeverage(t.pairIndex)

    • What is controllable? t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Retrieves the maximum leverage for the trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • pairsStored.pairMinLevPos(t.pairIndex)

    • What is controllable? t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Retrieves the minimum leverage position for the trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.transferUsdc(sender, address(storageT), t.collateral)

    • What is controllable? sender and t.collateral.

    • If the return value is controllable, how is it used and how can it go wrong? Transfers USDC from the caller to the storage contract.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.firstEmptyOpenLimitIndex(sender, t.pairIndex)

    • What is controllable? sender and t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Finds the first empty open limit index for the user and trading pair.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • storageT.storeOpenLimitOrder(OpenLimitOrder(t.collateral, ChainUtils.getBlockNumber(), t.openPrice, t.tp, t.sl, sender, t.leverage, t.pairIndex, orderType, index, t.buy))

    • What is controllable? t.collateral , t.tp, t.sl, t.openPrice, sender , t.leverage , t.pairIndex, orderType, and t.buy.

    • If the return value is controllable, how is it used and how can it go wrong? Stores an open limit order — no return value.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • ChainUtils.getBlockNumber()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the current block number.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • TradeUtils.setTradeLastUpdated(this.registry.getContractAddress("callbacks"), sender, t.pairIndex, index, TradeType.LIMIT, ChainUtils.getBlockNumber())

    • What is controllable? sender and t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.registry.getContractAddress("callbacks")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the callback contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • IOstiumPriceRouter(this.registry.getContractAddress("priceRouter")).getPrice(t.pairIndex, OrderType.MARKET_OPEN, block.timestamp)

    • What is controllable? t.pairIndex.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the orderId of the current order.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • this.registry.getContractAddress("priceRouter")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the priceRouter contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.storePendingMarketOrder(PendingMarketOrder(0, t.openPrice, SafeCastUpgradeable.toUint32(slippageP), Trade(t.collateral, 0, t.tp, t.sl, sender, t.leverage, t.pairIndex, 0, t.buy)), orderId, True)

    • What is controllable? t.openPrice, slippageP, t.collateral, t.tp, t.sl, sender, t.leverage, t.pairIndex, and t.buy.

    • If the return value is controllable, how is it used and how can it go wrong? Stores the pending market order — no return value.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑