Range set to 0 in setLimitOrderPriceRange() can cause issues in executeLimitOrder() #619
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- disagree with severity: Sponsor confirms validity, but disagrees with warden's risk assessment (sponsor explain in comments)
- duplicate-377
- satisfactory: satisfies C4 submission criteria; eligible for awards
- sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L939
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L496
Vulnerability details
Impact
Can cause executeLimitOrder() to always revert unless price = trade.price
Proof of Concept
- Set _range to 0 in setLimitOrderPriceRange() in https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L939
- This then causes executeLimitOrder() to always revert unless price = trade.price via https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L496
Tools Used
None
Recommended Mitigation Steps
Add in a check so that _range cannot be 0 in setLimitOrderPriceRange()
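
A sketch of the recommended check, added here as an illustration and not taken from the Tigris Trading.sol source. The contract name, function names, the tolerance formula, the DIVISION_CONSTANT scale, the default range and the extra upper bound are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration, not the Tigris Trading.sol source. All names, the
/// DIVISION_CONSTANT scale and the default range are assumptions.
contract LimitRangeSketch {
    uint256 public constant DIVISION_CONSTANT = 1e10; // assumed scale: 1e10 == 100%
    uint256 public limitOrderPriceRange = 1e8;        // assumed default: 1%
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    /// Unguarded setter, matching the behaviour the report describes: 0 is accepted.
    function setRangeUnchecked(uint256 _range) external {
        require(msg.sender == owner, "not owner");
        limitOrderPriceRange = _range;
    }

    /// Guarded setter following the recommended mitigation.
    function setRangeChecked(uint256 _range) external {
        require(msg.sender == owner, "not owner");
        require(_range > 0, "range is 0");
        // Extra bound (assumption): keeps tolerance <= orderPrice, so the
        // subtraction in withinRange() cannot underflow and revert.
        require(_range <= DIVISION_CONSTANT, "range > 100%");
        limitOrderPriceRange = _range;
    }

    /// Execution-time check (assumed form): the price must lie within
    /// orderPrice +/- orderPrice * range / DIVISION_CONSTANT.
    /// With range == 0 the tolerance is 0, so only price == orderPrice passes.
    function withinRange(uint256 price, uint256 orderPrice) public view returns (bool) {
        uint256 tolerance = (orderPrice * limitOrderPriceRange) / DIVISION_CONSTANT;
        return price <= orderPrice + tolerance && price >= orderPrice - tolerance;
    }
}
```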