Decent Smoke Owl
Medium
If user create two order close in time, the second order may override the first one.
When users create orders, new orderId is generated based on the address of the user and current block.timestamp. If a user create two orders close in time, they may be executed in the same block thus making both orders have the same Id.
function generateOrderId(address sender) external view override returns (uint96) {
uint256 hashedValue = uint256(
keccak256(abi.encodePacked(sender, block.timestamp))
);
return uint96(hashedValue);
} if (existingOrderId == 0) {
existingOrderId = MASTER.generateOrderId(msg.sender);
}
//construct order
orders[existingOrderId] = Order({
orderId: existingOrderId,
takeProfit: takeProfit,
stopPrice: stopPrice,
amountIn: amountIn,
tokenIn: tokenIn,
tokenOut: tokenOut,
recipient: recipient,
takeProfitSlippage: takeProfitSlippage,
feeBips: feeBips,
stopSlippage: stopSlippage,
direction: MASTER.getExchangeRate(tokenIn, tokenOut) > takeProfit //exchangeRate in/out > takeProfit
});N/A
Two separate order creation creation happen in the same block.
First case in which this scenario can happen is if user is using an automation bot to create order and two creations are packed in the same transaction. Another scenario occurs when two separate transactions are included in the same block. This can happen due to network latency or a high volume of transactions offering priority fees to miners, resulting in both transactions being processed later within the same block.
Second order will override the first one which will lead to loss of funds for the user. All funds accounted for the first order will be overriden.
N/A
Consider adding a nonce parameter to the hash. Nonce can be a global or per user.