Damp Jade Wasp - Incorrect order execution in Bracket::checkInRange function

[sherlock-admin3]

Damp Jade Wasp

High

Incorrect order execution in Bracket::checkInRange function

Summary

The checkInRange function is designed to determine whether the current exchange rate falls within the specified range defined by the takeProfit and stopPrice parameters. This logic relies on the direction variable, which is set during order creation by comparing the initial exchange rate with the takeProfit value. If direction is true, it indicates that the exchange rate at the time of order creation was greater than the takeProfit value; otherwise, it is false.

While the logic works as expected when direction is false, it fails when direction is true. In such cases, the function incorrectly executes the order when the exchange rate is lower than the takeProfit value. This behavior contradicts the intended functionality, as the order should only execute when the exchange rate is greater than or equal to the takeProfit value or when it meets the stop-loss condition (exchangeRate >= order.stopPrice).

Root Cause

https://github.com/sherlock-audit/2024-11-oku/blob/ee3f781a73d65e33fb452c9a44eb1337c5cfdbd6/oku-custom-order-types/contracts/automatedTrigger/Bracket.sol#L595-L598

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

This flawed implementation creates a scenario where orders are triggered prematurely or inaccurately when direction is true,

PoC

No response

Mitigation

-    if (exchangeRate <= order.takeProfit)
+    if (exchangeRate <= order.takeProfit)

[bugvorus]

@sherlock-admin
when direction== true, the current logic implementation leads to missed trade execution. How can this be invalid?