OrderBook

First Flight #43

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: medium

Invalid

H-02 Irregular `_deadlineDuration` Setting Will Cause Sell Orders to Expire Immediately, Preventing Buyers from Successfully Completing Transactions!

0x996

Root + Impact

Description

In the createSellOrder function, there is no handling for the minimum value of _deadlineDuration, which causes the sell order to expire immediately, preventing the buyer from successfully completing the transaction! This breaks the expected functionality of the protocol!!

function createSellOrder(

address _tokenToSell, // Token choice: the seller selects a supported token (wETH, wBTC, or wSOL).

uint256 _amountToSell, // Amount of tokens to sell (must be > 0).

uint256 _priceInUSDC, // Total price (USDC, must be > 0).

uint256 _deadlineDuration // Order validity period (maximum of 3 days).

) public returns (uint256) {

Risk

Likelihood:

Reason 1: Ordinary seller's erroneous operation, setting _deadlineDuration to an extremely small value!

Impact:

Impact 1: Causes the sell order to expire immediately after creation, preventing the buyer from successfully completing the transaction!

Proof of Concept

function test_deadlineDuration() public {

// NOTE: SellOrder

vm.startPrank(alice);

wbtc.approve(address(book), 2e8);

// INFO:

uint256 aliceId = book.createSellOrder(address(wbtc), 2e8, 1e6, 1);

vm.stopPrank();

// NOTE: BuyOrder

vm.startPrank(dan);

usdc.approve(address(book), 200_000e6);

// INFO: Purchase fails

vm.expectRevert();

book.buyOrder(aliceId); // dan buys from alice

vm.stopPrank();

}

Output

│ ├─ emit OrderFilled(orderId: 1, buyer: will_buy_orders: [0x9E0e95D768E723C2c0b2e518C46786e60c9A86fD], seller: will_sell_wbtc_order: [0xaf6db259343D020E372F4ab69cAd536aAf79D0ac])

│ └─ ← [Stop]

└─ ← [Revert] next call did not revert as expected

Recommended Mitigation

Handle the minimum value of _deadlineDuration to ensure that the value of _deadlineDuration is reasonable!

Updates

Lead Judging Commences

yeahchibyke Lead Judge

4 months ago

yeahchibyke Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

0x996 Submitter

4 months ago

yeahchibyke Lead Judge

4 months ago

0x996 Submitter

4 months ago

yeahchibyke Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

217

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.