OrderBook

First Flight #43
Beginner Friendly, Solidity
Submission Details
Impact: medium
Likelihood: high
Invalid

Order Amendment Allows Deadline Extension Beyond Maximum

Root + Impact - The amendSellOrder function allows sellers to extend order deadlines beyond the maximum intended duration by repeatedly amending orders, breaking the protocol's time constraints.

Description

  • The protocol enforces a maximum deadline duration of 3 days (MAX_DEADLINE_DURATION = 3 days) to prevent stale orders

  • When amending orders, the new deadline is calculated from the current block.timestamp, not from the original order creation time, allowing unlimited deadline extensions

function amendSellOrder(
    uint256 _orderId,
    uint256 _newAmountToSell,
    uint256 _newPriceInUSDC,
    uint256 _newDeadlineDuration
) public {
    // ... validation checks ...
    if (_newDeadlineDuration == 0 || _newDeadlineDuration > MAX_DEADLINE_DURATION) revert InvalidDeadline();
    uint256 newDeadlineTimestamp = block.timestamp + _newDeadlineDuration; // @> Uses current time, not original creation time
    // ... token handling ...
    order.deadlineTimestamp = newDeadlineTimestamp; // @> Can extend beyond original max lifetime
    // ... rest of function
}

Risk

Likelihood:

  • Sellers frequently amend orders to adjust prices based on market conditions

  • No tracking of original order creation timestamp

Impact:

  • Orders can remain active indefinitely, defeating the stale order prevention mechanism

  • Creates unfair advantage for sellers who can keep outdated prices active

Proof of Concept - The following scenario demonstrates how deadline extension can be exploited indefinitely:

// Scenario demonstrating unlimited deadline extension:
// 1. Day 0: Create order with 3-day deadline (expires Day 3)
// 2. Day 2.5: Amend order with new 3-day deadline (now expires Day 5.5)
// 3. Day 5: Amend order again with 3-day deadline (now expires Day 8)
// 4. Process can continue indefinitely
// 5. Order lifetime exceeds intended 3-day maximum
contract TestDeadlineExtension {
    uint256 constant MAX_DEADLINE_DURATION = 3 days;

    function demonstrateUnlimitedExtension() public view returns (uint256[] memory) {
        uint256[] memory deadlines = new uint256[](3);
        // Original order creation
        uint256 creationTime = block.timestamp;
        deadlines[0] = creationTime + MAX_DEADLINE_DURATION; // Day 3
        // First amendment after 2.5 days
        uint256 firstAmendTime = creationTime + 2.5 days;
        deadlines[1] = firstAmendTime + MAX_DEADLINE_DURATION; // Day 5.5
        // Second amendment after 5 days
        uint256 secondAmendTime = creationTime + 5 days;
        deadlines[2] = secondAmendTime + MAX_DEADLINE_DURATION; // Day 8
        // Total order lifetime: 8 days instead of max 3 days
        return deadlines;
    }
}
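
A self-contained model of the two deadline rules, added here as an illustration and not taken from the OrderBook code or the submission: amendFromNow follows the amendSellOrder excerpt above, and amendCapped bounds the deadline by creation time plus MAX_DEADLINE_DURATION. The contract name, function names and the nowTs parameter (standing in for block.timestamp) are assumptions of this sketch; replaying the scenario's schedule gives an 8-day lifetime under the first rule, while under the cap only the 12-hour amendment at day 2.5 is accepted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added model, not the OrderBook contract: nowTs stands in for
// block.timestamp, and the validation the excerpt elides is left out.
contract DeadlineModel {
    uint256 public constant MAX_DEADLINE_DURATION = 3 days;
    error InvalidDeadline();
    struct Order { uint256 creationTimestamp; uint256 deadlineTimestamp; }

    // Rule from the excerpt: the window restarts at every amendment.
    function amendFromNow(Order memory o, uint256 nowTs, uint256 duration) public pure returns (Order memory) {
        _checkDuration(duration);
        o.deadlineTimestamp = nowTs + duration;
        return o;
    }

    // Capped rule: the deadline may never pass creation + MAX_DEADLINE_DURATION.
    function amendCapped(Order memory o, uint256 nowTs, uint256 duration) public pure returns (Order memory) {
        _checkDuration(duration);
        uint256 newDeadline = nowTs + duration;
        if (newDeadline > o.creationTimestamp + MAX_DEADLINE_DURATION) revert InvalidDeadline();
        o.deadlineTimestamp = newDeadline;
        return o;
    }

    // Scenario schedule: create at t0, amend at day 2.5 (60 hours) and at day 5.
    function lifetimeFromNow(uint256 t0) external pure returns (uint256) {
        Order memory o = Order(t0, t0 + 3 days);
        o = amendFromNow(o, t0 + 60 hours, 3 days);
        o = amendFromNow(o, t0 + 5 days, 3 days);
        return o.deadlineTimestamp - o.creationTimestamp;
    }

    // Same order under the cap: reports which amendment requests are accepted.
    function cappedOutcomes(uint256 t0) external view returns (bool full, bool shortened, bool late) {
        Order memory o = Order(t0, t0 + 3 days);
        full = _accepted(o, t0 + 60 hours, 3 days);        // asks for a deadline at day 5.5
        shortened = _accepted(o, t0 + 60 hours, 12 hours); // asks for a deadline at day 3
        late = _accepted(o, t0 + 5 days, 1);               // asked after the cap has passed
    }

    function _accepted(Order memory o, uint256 nowTs, uint256 duration) private view returns (bool) {
        try this.amendCapped(o, nowTs, duration) returns (Order memory) { return true; } catch { return false; }
    }

    function _checkDuration(uint256 duration) private pure {
        if (duration == 0 || duration > MAX_DEADLINE_DURATION) revert InvalidDeadline();
    }
}
```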

Recommended Mitigation - Track the original creation timestamp and enforce the maximum lifetime from the original creation date:

struct Order {
uint256 id;
address seller;
address tokenToSell;
uint256 amountToSell;
uint256 priceInUSDC;
uint256 deadlineTimestamp;
+ uint256 creationTimestamp; // Track original creation time
bool isActive;
}
function createSellOrder(/*params*/) public returns (uint256) {
// ... validation and token transfer ...
orders[orderId] = Order({
id: orderId,
seller: msg.sender,
tokenToSell: _tokenToSell,
amountToSell: _amountToSell,
priceInUSDC: _priceInUSDC,
deadlineTimestamp: deadlineTimestamp,
+ creationTimestamp: block.timestamp,
isActive: true
});
// ... rest of function
}
function amendSellOrder(/*params*/) public {
// ... validation checks ...
+ // Ensure total order lifetime doesn't exceed maximum
+ uint256 maxAllowedDeadline = orders[_orderId].creationTimestamp + MAX_DEADLINE_DURATION;
+ uint256 newDeadlineTimestamp = block.timestamp + _newDeadlineDuration;
+ if (newDeadlineTimestamp > maxAllowedDeadline) revert InvalidDeadline();
- uint256 newDeadlineTimestamp = block.timestamp + _newDeadlineDuration;
// ... rest of function
}
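
Review bot: the added check in amendSellOrder reverts instead of clamping, so a seller who only wants to change the price or amount late in the order's life must pass a shrinking _newDeadlineDuration, and once block.timestamp reaches creationTimestamp + MAX_DEADLINE_DURATION every non-zero duration reverts. If that is the intended behaviour, document it on the function and consider a dedicated error rather than reusing InvalidDeadline, so callers can tell the lifetime cap apart from the per-call duration check; otherwise clamp the value, for example: if (newDeadlineTimestamp > maxAllowedDeadline) newDeadlineTimestamp = maxAllowedDeadline;. The hunk also does not show whether the existing _newDeadlineDuration == 0 || _newDeadlineDuration > MAX_DEADLINE_DURATION check is kept; it should stay so that a zero duration is still rejected.
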
Updates

Lead Judging Commences

yeahchibyke Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

khandelwalmoksh787 Submitter
about 1 month ago
yeahchibyke Lead Judge
about 1 month ago
yeahchibyke Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
