You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When _amountInDelta is not equal to 0 (position adjustment scenario):
If the user is reducing their position, the contract will perform a refund and then validate the _takeProfitSlippage, _stopSlippage, and _swapSlippage parameters using the condition <= 10000. This require statement ensures that whenever a user reduces their position, the slippage parameters—whether changed or not—must meet the limit conditions.
2. When _amountInDelta equals 0 (no position adjustment):
In this case, where the user only modifies other parameters of the order (e.g., _takeProfit, _stopLimitPrice, _swapOnFill, etc.) without adjusting the position size, the entire code block within the if (_amountInDelta != 0) condition will not execute. As a result, the slippage validation checks within this block will also not be triggered.
3. After the if (_amountInDelta != 0) block:
The contract directly creates a new Order struct without introducing any additional slippage checks. This means that if the user does not modify the position size, they can pass arbitrary values for _takeProfitSlippage, _stopSlippage, and _swapSlippage (even values exceeding 10000), and the contract will not throw an error.
This behavior creates a vulnerability where users can bypass slippage validations when not adjusting position size, potentially compromising the contract’s safeguards against excessive slippage. It is recommended to add a slippage validation check outside the if (_amountInDelta != 0) block to prevent this issue.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered:
Bumpy Boysenberry Goblin
High
{actor} will {impact} {affected party}
Summary
https://github.com/sherlock-audit/2024-11-oku/blob/ee3f781a73d65e33fb452c9a44eb1337c5cfdbd6/oku-custom-order-types/contracts/automatedTrigger/StopLimit.sol#L191
In the modifyOrder function, if the value of _amountInDelta is 0, the validation checks for parameters like takenProfitSlippage, stopSlippage, and swapSlippage (e.g., <= 10000) are not executed. This could allow users to bypass the slippage parameter checks without increasing or reducing their position, potentially leading to situations where the contract’s intended safeguards against invalid slippage values are circumvented.
Root Cause
If the user is reducing their position, the contract will perform a refund and then validate the _takeProfitSlippage, _stopSlippage, and _swapSlippage parameters using the condition <= 10000. This require statement ensures that whenever a user reduces their position, the slippage parameters—whether changed or not—must meet the limit conditions.
2. When _amountInDelta equals 0 (no position adjustment):
In this case, where the user only modifies other parameters of the order (e.g., _takeProfit, _stopLimitPrice, _swapOnFill, etc.) without adjusting the position size, the entire code block within the if (_amountInDelta != 0) condition will not execute. As a result, the slippage validation checks within this block will also not be triggered.
3. After the if (_amountInDelta != 0) block:
The contract directly creates a new Order struct without introducing any additional slippage checks. This means that if the user does not modify the position size, they can pass arbitrary values for _takeProfitSlippage, _stopSlippage, and _swapSlippage (even values exceeding 10000), and the contract will not throw an error.
This behavior creates a vulnerability where users can bypass slippage validations when not adjusting position size, potentially compromising the contract’s safeguards against excessive slippage. It is recommended to add a slippage validation check outside the if (_amountInDelta != 0) block to prevent this issue.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response
The text was updated successfully, but these errors were encountered: