Submission Details
Impact:
Likelihood:
Deadline Extension via Amend Order Function Defeats the Purpose of Deadline
# Deadline Extension via Amend Order Function Defeats the Purpose of Deadline
## Description
The `amendSellOrder()` function allows sellers to increment the order's deadline for up to 3 days from the current block timestamp. This can be abused to indefinitely prolong an order's lifetime by continuously extending the deadline.
```solidity
// @> order.deadlineTimestamp = block.timestamp + _newDeadlineDuration;
```
## Risk
**Likelihood**:
* Happens when sellers intentionally keep re-extending deadline.
* Happens any time before expiry, since it’s allowed unconditionally.
**Impact**:
* Defeats the purpose of having expiration semantics.
## Proof of Concept
Create a sell order then **repeatedly amend** it by adding up to 3 more days each time — effectively **keeping the order alive forever** and bypassing the `MAX_DEADLINE_DURATION` restriction.
```solidity
// Create initial order with 10s deadline
orderBook.createSellOrder(
address(wETH), // Token
1e18, // Amount
100e6, // Price (100 USDC)
3 days // Deadline duration = 3 days
);
```
```solidity
orderBook.amendSellOrder(
1, // Order ID
1e18, // Same amount
100e6, // Same price
3 days // Extend by max allowed
);
```
## Recommended Mitigation
Cap amendments so the new deadline is not further than `originalDeadline + 3 days`.
```diff
- uint256 newDeadlineTimestamp = block.timestamp + _newDeadlineDuration;
+ require(block.timestamp + _newDeadlineDuration <= order.deadlineTimestamp + MAX_DEADLINE_DURATION, "Too far");
```
Rewards breakdown
nSLOC
217This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.