Trading._checkDelay is not sufficient to prevent profiting when there are multiple valid prices for an asset

[code423n4]

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L857-L868

Vulnerability details

Impact

User can profit from when there are multiple valid prices for an asset

Proof of Concept

function _checkDelay(uint _id, bool _type) internal {
    unchecked {
        Delay memory _delay = blockDelayPassed[_id];
        if (_delay.actionType == _type) {
            blockDelayPassed[_id].delay = block.number + blockDelay;
        } else {
            if (block.number < _delay.delay) revert("0"); //Wait
            blockDelayPassed[_id].delay = block.number + blockDelay;
            blockDelayPassed[_id].actionType = _type;
        }
    }
}

Trading#_checkDelay is used "to prevent profitable opening and closing in the same tx with two different prices in the 'valid signature pool'". This unfortunately doesn't actually prevent this from happening. To take advantage of this the user would just open a long at the lower valid price and a short at the higher valid price. After the delay has ended the user can close both for a guaranteed profit.

Example:
ETH/USD has two valid signed prices. One at 990 and the other at 1010. The user can simultaneously open a 1 ETH short with the 1010 price and a 1 ETH long with the 990 price. Assume that after the block delay the price is 1005. The long can now be closed for a $15 gain an the short can be closed for $5.

Tools Used

Manual Review

Recommended Mitigation Steps

Never allow for there to be more than one valid price for each asset at any given time

[c4-judge]

GalloDaSballo marked the issue as duplicate of #108

[c4-judge]

GalloDaSballo changed the severity to 2 (Med Risk)

[c4-judge]

GalloDaSballo marked the issue as satisfactory