Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ostium>Threat Model>updateSl
GeneralOverview
Findings
Critical (2)
High (3)
Medium (6)
Low (6)
Informational (2)
DiscussionRemoval of trading pairs is not supportedIncorrect last updated block number for TP and SLTradeUtils used as a library for address
Threat ModelWhat are threat models?Delegatable.solOstiumOpenPnl.sol
OstiumTrading.solcancelOpenLimitOrdercloseTradeMarketcloseTradeMarketTimeoutopenTradeopenTradeMarketTimeouttopUpCollateralupdateOpenLimitOrderupdateSlupdateTp
OstiumVault.sol
Audit ResultsSummary

Function: updateSl(uint16 pairIndex, uint8 index, uint192 newSl)

Updates the stop-loss value of the trade.

Inputs

  • pairIndex

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The index of the trading pair.

  • index

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The index of the order.

  • newTp

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The new stop-loss value.

Branches and code coverage

Intended branches

  • Updates the stop loss to the new value and sets the last updated block number.

Negative behavior

  • Revert if there is a pending trigger.

  • Revert if leverage of the trade is zero (no such trade).

  • Revert if the new SL is not in the correct range.

Function call analysis

  • this.registry.getContractAddress("tradingStorage")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the TradingStorage contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.checkNoPendingTrigger(storageT, sender, pairIndex, index, LimitOrder.SL) -> storageT.orderTriggerBlock(trader, pairIndex, index, orderType)

    • What is controllable? trader, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the order trigger block for that orderType.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.getOpenTrade(sender, pairIndex, index)

    • What is controllable? sender, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Checks the existence of the open trade — incorrect values may lead to incorrect trade-information retrieval.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • IOstiumCallbacks(this.registry.getContractAddress("callbacks")).maxSl_P()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returns the max stop-loss percentage.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • storageT.updateSl(sender, pairIndex, index, newSl)

    • What is controllable? sender, pairIndex, index, and newSl.

    • If the return value is controllable, how is it used and how can it go wrong? Updates the stop-loss value for the trade — no return value.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • TradeUtils.setSlLastUpdated(this.registry.getContractAddress("callbacks"), sender, pairIndex, index, TradeType.MARKET, ChainUtils.getBlockNumber())

    • What is controllable? sender, pairIndex, and index.

    • If the return value is controllable, how is it used and how can it go wrong? Sets the block number when the SL was updated — no return value.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • this.registry.getContractAddress("callbacks")

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Returned value is the callback contract address.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑