Tame Foggy Pony
High
The order ID generation is done as follows:
```solidity
function generateOrderId(address sender) external view override returns (uint96) {
    uint256 hashedValue = uint256(keccak256(abi.encodePacked(sender, block.timestamp)));
    return uint96(hashedValue);
}
```
This means that when `sender` batches 2 transactions, they will both have the same ID due to the same `sender` and same `block.timestamp`.
- Bob has a hanging approval for `StopLimit`
- Alice creates an order setting Bob as recipient which transfers his token into the contract: `tokenIn.safeTransferFrom(recipient, address(this), amountIn);`
- Alice creates a 2nd order for Bob, this time for a small amount of tokens, batching both in the same transaction
- Bob cannot cancel his first order as it was overwritten
It can also happen accidentally by Bob creating 2 transactions and the first one being overwritten. This results in stuck funds for Bob. Note that this is not a user error as he did nothing wrong and used the system as intended.
Bob will have stuck funds that he cannot claim
Change the ID generation or check that this is indeed a unique ID
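
One way to apply both halves of that mitigation, as an added sketch that is not the project's code: a per-sender nonce is mixed into the hash so two orders in the same block get different IDs, and creation reverts if the ID is already in use. The contract name, `orderNonce`, `orders`, `Order` and `OrderIdCollision` are hypothetical, and token handling is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration of the mitigation; all names here are hypothetical.
contract OrderIdSketch {
    struct Order {
        address recipient;
        uint256 amountIn;
    }

    error OrderIdCollision(uint96 orderId);

    // Per-sender counter: advances on every order, even within one block.
    mapping(address => uint256) public orderNonce;
    // orderId => order; recipient == address(0) marks a free slot.
    mapping(uint96 => Order) public orders;

    /// Same derivation as generateOrderId on the page, with a nonce mixed in.
    /// No longer `view`, because it consumes the sender's nonce.
    function _generateOrderId(address sender) internal returns (uint96) {
        uint256 nonce = orderNonce[sender]++;
        uint256 hashedValue = uint256(
            keccak256(abi.encodePacked(sender, block.timestamp, nonce))
        );
        return uint96(hashedValue);
    }

    function createOrder(address recipient, uint256 amountIn)
        external
        returns (uint96 orderId)
    {
        require(recipient != address(0), "recipient is zero");
        orderId = _generateOrderId(msg.sender);

        // Truncating to uint96 means distinct inputs can still collide,
        // so never overwrite a live order: revert instead.
        if (orders[orderId].recipient != address(0)) {
            revert OrderIdCollision(orderId);
        }
        orders[orderId] = Order({recipient: recipient, amountIn: amountIn});
    }
}
```

With this shape, the two batched `createOrder` calls from the scenario above produce different IDs, and any residual collision fails the second call instead of replacing the first order.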