executeLimitOrder() lack check slPrice #353
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-512
edited-by-warden
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L480
Vulnerability details
Impact
in executeLimitOrder() :
The final price of LimtOrder is uncertain, although it is limited to a certain range (limitOrderPriceRange)
but the final price is not guaranteed to meet the Stop loss price so it is still necessary to check
note:addToPosition() maybe has same problem, it will change price , Checking the slPrice again also feels reasonable
Proof of Concept
Tools Used
Recommended Mitigation Steps
add check
The text was updated successfully, but these errors were encountered: