Skip to content

fix: add consistency of orderData#195

Closed
rymcol wants to merge 1 commit into
canaryfrom
bugfix/audit/c-2
Closed

fix: add consistency of orderData#195
rymcol wants to merge 1 commit into
canaryfrom
bugfix/audit/c-2

Conversation

@rymcol

@rymcol rymcol commented Sep 24, 2025

Copy link
Copy Markdown
Contributor

Description

fixes certain edge cases where orderData could come up with an incorrect orderId or fill deadline

Motivation and Context

We do not want inconsistencies in orderData (provided vs stored). This is meant to ensure that is checked.

How Has This Been Tested?

manually

Types of changes (remove all unchecked types)

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Style (style only changes)
  • Docs
  • Refactor (code that does not add new functionality nor fixes a bug)

Checklist:

  • If my change requires a change to the documentation, I have updated the documentation accordingly, and in either case, have checked this box to attest to my assessment of this requirement with regard to my change.
  • If my change requires additions or updates to any deployment scripts to ensure that the protocol is functional (Makefile, Dockerfile, Forge Script, etc.), I have made these changes, and in either case, have checked this box to attest to my assessment of this requirement with regard to my change.
  • If my change requires additional test coverage, I have created those tests accordingly, and in either case, have checked this box to attest to my assessment of this requirement with regard to my change.

@rymcol
fix: add consistency of orderData
aabed1e 
in certain edge cases, orderData could come up with an incorrect orderId or fill deadline
@rymcol rymcol requested review from evchip and kss-t1 September 24, 2025 16:19
@rymcol rymcol self-assigned this Sep 24, 2025
evchip
evchip requested changes Sep 25, 2025
View reviewed changes

@evchip evchip left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please run forge fmt to lint the contracts?

Comment thread contracts/src/7683/T1ERC7683.sol
Comment on lines +30 to +32
/// Custom Errors
error InvalidSender(bytes32 provided, address expected);
error InvalidFillDeadline(uint32 provided, uint32 expected);

@evchip evchip Sep 25, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

natspec comments please

Comment thread contracts/src/7683/T1ERC7683.sol
Comment on lines +115 to +120
// Encode a modified OrderData instead of _order.orderData to keep context clean across instances
OrderData memory orderData = OrderEncoder.decode(_order.orderData);
orderData.fillDeadline = _order.fillDeadline; // Use the resolved fillDeadline
orderData.sender = TypeCasts.addressToBytes32(msg.sender); // Use the resolved sender

openOrders[orderId] = abi.encode(_order.orderDataType, orderData); // must not use _orderData for consistency

@evchip evchip Sep 25, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this level of inline comments feels excessive. I feel that the code is fairly clear already.

Comment thread contracts/src/7683/T1ERC7683.sol
openOrders[orderId] = abi.encode(_order.orderDataType, _order.orderData);
// Encode a modified OrderData instead of _order.orderData to keep context clean across instances
OrderData memory orderData = OrderEncoder.decode(_order.orderData);
orderData.fillDeadline = _order.fillDeadline; // Use the resolved fillDeadline

@evchip evchip Sep 25, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't the resolved fillDeadline. that would be resolvedOrder.fillDeadline. Is this intentional?

Comment thread contracts/src/7683/T1ERC7683.sol
// Encode a modified OrderData instead of _order.orderData to keep context clean across instances
OrderData memory orderData = OrderEncoder.decode(_order.orderData);
orderData.fillDeadline = _order.fillDeadline; // Use the resolved fillDeadline
orderData.sender = TypeCasts.addressToBytes32(msg.sender); // Use the resolved sender

@evchip evchip Sep 25, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't the resolved sender. that would be resolvedOrder.user

Comment thread contracts/src/7683/T1ERC7683.sol
Comment on lines +157 to +161
// Encode the modified OrderData (orderDataResolved) instead of orderDataOriginal
OrderData memory orderData = OrderEncoder.decode(_order.orderData);
orderData.fillDeadline = resolvedOrder.fillDeadline; // Use the resolved fillDeadline
orderData.sender = TypeCasts.addressToBytes32(_order.user); // Use the resolved sender
openOrders[orderId] = abi.encode(_order.orderDataType, OrderEncoder.encode(orderData));

@evchip evchip Sep 25, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comments here

@rymcol rymcol closed this Sep 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evchip evchip evchip requested changes

@kss-t1 kss-t1 Awaiting requested review from kss-t1

Assignees

@rymcol rymcol

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rymcol @evchip