Reversion in _executeOrderV3 Due to Uninitialized Quote Token Mappings in _validateQuoteTokenAddress Function #612
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- insufficient quality report: This report is not of sufficient quality
- 🤖_primary: AI based primary recommendation
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/markets/perp/PerpMarketV1.sol#L167
[_validateQuoteTokenAddress](https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/base/BaseMarketUpgradable.sol#L152)
Vulnerability details
Impact
The issue is in the `_executeOrderV3` function, where `_validateQuoteTokenAddress` might cause reversion due to outdated or uninitialized quote token mappings.
Proof of Concept
Consider a scenario where a new trading pair is added to the platform, but the quote token address mapping is not updated:
1. Pair Addition: A new pair, say `ETH/USDT`, is added with a pair ID of 101.
2. User Transaction: A user tries to execute a trade on this new pair using `_executeOrderV3`.
3. Mapping Check: `_validateQuoteTokenAddress` checks `_quoteTokenMap[101]`, which is uninitialized (`address(0)`) because it was never updated after the pair was added.
4. Result: The transaction reverts with "Invalid token address for pair", even though the user's order was valid.
Tools Used
Manual Review
Recommended Mitigation Steps
the `_validateQuoteTokenAddress` function to automatically update the quote token address if it is found to be uninitialized. This ensures that the mapping is always current.
Assessed type
Context
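
The scenario and the recommended mitigation from this report, modelled as a small contract. This is an added example, not code from the report or from the Predy repository: only `_quoteTokenMap`, `_validateQuoteTokenAddress` and the revert string come from the report, while `_pairQuoteToken`, `addPair`, the `Lazy` variant, the `executeOrder*` wrappers and the exact shape of the check are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Simplified model of the scenario in this report (added example, not Predy code).
/// Only _quoteTokenMap, _validateQuoteTokenAddress and the revert string come
/// from the report; every other name here is hypothetical.
contract QuoteTokenMapModel {
    // pairId => quote token; keys that were never written read as address(0)
    mapping(uint256 => address) internal _quoteTokenMap;
    // Hypothetical stand-in for wherever the protocol records a pair's quote token
    mapping(uint256 => address) internal _pairQuoteToken;

    // Registers a pair WITHOUT writing _quoteTokenMap, as in the report's scenario.
    function addPair(uint256 pairId, address quoteToken) external {
        require(quoteToken != address(0), "zero quote token");
        _pairQuoteToken[pairId] = quoteToken;
    }

    // Behaviour described in the report: an unset entry reverts.
    // Assumption: the check also compares the order's token with the mapping.
    function _validateQuoteTokenAddress(uint256 pairId, address entryToken) internal view {
        address quote = _quoteTokenMap[pairId];
        require(quote != address(0) && quote == entryToken, "Invalid token address for pair");
    }

    // Report's recommendation: fill the entry on first use, then validate.
    // This variant writes storage, so it cannot be a view function.
    function _validateQuoteTokenAddressLazy(uint256 pairId, address entryToken) internal {
        if (_quoteTokenMap[pairId] == address(0)) {
            _quoteTokenMap[pairId] = _pairQuoteToken[pairId];
        }
        _validateQuoteTokenAddress(pairId, entryToken);
    }

    // Reverts for pair 101 for as long as _quoteTokenMap[101] is unset.
    function executeOrderStrict(uint256 pairId, address entryToken) external view returns (bool) {
        _validateQuoteTokenAddress(pairId, entryToken);
        return true;
    }

    // Succeeds for a registered pair; an unregistered pair still reverts.
    function executeOrderLazy(uint256 pairId, address entryToken) external returns (bool) {
        _validateQuoteTokenAddressLazy(pairId, entryToken);
        return true;
    }
}
```

After `addPair(101, token)`, `executeOrderStrict(101, token)` reverts with "Invalid token address for pair", while `executeOrderLazy(101, token)` writes the entry and returns `true`.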