_nextOrderId is a uint256 that can be controlled by the seller when they create a new sell order, but the source code does not check its value. When the value reaches 2^256 - 1, the next increment of _nextOrderId would overflow. Solidity ^0.8.0 prevents the overflow by throwing an exception and stopping execution, so the createSellOrder function will never run successfully again.
The other bug is that nextOrderId++ runs before the transfer, so an attacker can maliciously accumulate _nextOrderId values through unsuccessful transactions to make the DDoS attack more rapid.
Impact:
DDOS attack