This PR makes order creation and deletion non-reentrant using OpenZeppelin's dedicated contract.
This allows us to send ETH to users without worrying about reentrancy attacks and without worrying about keeping all existing functions reentrancy safe.
The drawback is a very high extra execution cost of about 2500 gas (details).
The code that is being replaced by this PR is reentrancy safe but a user could lose funds if creating an order from a smart contract that has a complicated receive function.
Context: discussion in #7, especially this thread and this thread.
Before auditing starts I plan to remove the reentrancy guard by auditing the contract's reentrancy risks ourselves.
Test plan
Unit tests.
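The pattern the description refers to, as an added example that is not code from this PR or its project: a hypothetical order book whose create and delete functions send ETH back to the caller under OpenZeppelin's `ReentrancyGuard`. The contract name, its functions and fields, and the OpenZeppelin Contracts v5 import path are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 layout (v4 ships the same contract under security/).
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

/// Hypothetical order book used only for illustration.
contract GuardedOrders is ReentrancyGuard {
    struct Order {
        address owner;
        uint256 deposit;
    }

    mapping(uint256 => Order) public orders;
    uint256 public nextId;

    /// Stores an order and refunds any ETH sent above `price`.
    function createOrder(uint256 price) external payable nonReentrant returns (uint256 id) {
        require(msg.value >= price, "underpaid");
        id = nextId++;
        orders[id] = Order(msg.sender, price);

        uint256 excess = msg.value - price;
        if (excess > 0) {
            // This call runs the caller's receive() function. If that code calls
            // back into createOrder or deleteOrder, the shared guard reverts it.
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
        }
    }

    /// Deletes an order and returns its deposit to the owner.
    function deleteOrder(uint256 id) external nonReentrant {
        Order memory o = orders[id];
        require(o.owner == msg.sender, "not owner");
        delete orders[id]; // state is cleared before the external call as well

        (bool ok, ) = msg.sender.call{value: o.deposit}("");
        require(ok, "refund failed");
    }
}
```

Both functions share one guard flag, so a callback from one into the other reverts too. The flag's storage read and write on every guarded call is the extra execution cost the description mentions.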