Rural Mahogany Terrier
High
AutomationMaster.sol#generateOrderId generates the same order id for different orders created in the same block, which leads to collisions that lock user funds, because it then becomes impossible to cancel the orders and refund the user.
In AutomationMaster.sol:91, it uses a hash of 2 parameters, msg.sender and block.timestamp, to create an order id. The problem is that those 2 parameters remain the same within a block, so all orders created by the user and mined in the same block will have the same order id, which causes collisions.
No response
- Orders from the same user need to be mined in the same block
- User creates 5 orders; they can be in the same transaction or in different transactions
- The 5 orders are mined in the same block
- User won't be able to cancel the first 4 and will have the funds used locked.
Users will lose the funds of all the orders created and mined in the same block except for the last one.
No response
To mitigate this problem, the protocol needs to generate a unique identifier with no collisions. In my opinion, AutomationMaster should have an incremental order id (uint256) that increments by one for each order created.
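The collision and the counter-based mitigation side by side, as an added sketch that is not the project's code: `OrderBookSketch` and every name in it are hypothetical, and it assumes orders are stored in a mapping keyed by order id with the funds escrowed in the contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative sketch only. All names are hypothetical and not taken from
/// AutomationMaster.sol; only the id derivation follows the finding's description.
contract OrderBookSketch {
    struct Order {
        address owner;
        uint256 amount;
    }

    mapping(uint256 => Order) public orders;
    uint256 public nextOrderId; // monotonically increasing, never reused

    // Pattern described in the finding: both inputs are constant for a given
    // sender within one block, so the result is constant too.
    function collidingId(address sender) public view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(sender, block.timestamp)));
    }

    // Colliding variant: a second call by the same sender in the same block
    // overwrites orders[id]; the first order's escrowed value has no record left.
    function createOrderColliding() external payable returns (uint256 id) {
        id = collidingId(msg.sender);
        orders[id] = Order(msg.sender, msg.value);
    }

    // Mitigated variant: the counter yields a distinct id per order regardless
    // of sender or block, and the check makes any reuse fail loudly.
    function createOrder() external payable returns (uint256 id) {
        id = nextOrderId++;
        require(orders[id].owner == address(0), "order id in use");
        orders[id] = Order(msg.sender, msg.value);
    }

    // Refund path: it can only return what the surviving record holds, which
    // is why overwritten orders in the colliding variant cannot be refunded.
    function cancel(uint256 id) external {
        Order memory o = orders[id];
        require(o.owner == msg.sender, "not order owner");
        delete orders[id]; // clear state before the external call
        (bool ok, ) = msg.sender.call{value: o.amount}("");
        require(ok, "refund failed");
    }
}
```

A regression test for the fix would create several orders from one address inside a single transaction and assert that every returned id is distinct and individually cancellable.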