The contract allows sellers to list orders with a deadline. If the deadline passes, the order should no longer be fillable and sellers should be able to cancel and reclaim their tokens.
Specific Issue
The fillOrder() function does not verify whether the current timestamp is within the valid order window. This allows buyers to fill orders even after expiration, which contradicts the seller’s intent and bypasses deadline enforcement.
Likelihood:
High – the lack of a timestamp check makes all expired orders vulnerable under normal use conditions.
Impact:
Violates seller expectations and protocol design
Enables stale trades, which can cause financial loss
Undermines trust and fairness in peer-to-peer trading
This Foundry test simulates a buyer filling an order after the deadline has passed—violating the seller’s expectations and revealing a missing expiration check in fillOrder().
To prevent expired orders from being filled, enforce a timestamp check directly within fillOrder() to validate order freshness.
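A minimal sketch of the recommended check, added here as an illustration and not taken from the audited contract. Only fillOrder() and the deadline concept come from the finding; the contract name, struct fields, createOrder() and the custom errors are hypothetical, and treating the deadline instant itself as expired is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. Only fillOrder() and the
// deadline concept come from the finding; all other names are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract DeadlineCheckedOrders {
    struct Order {
        address seller;
        IERC20 sellToken;
        uint256 sellAmount;
        IERC20 payToken;
        uint256 price;
        uint256 deadline; // unix timestamp at which the order stops being fillable
        bool active;
    }

    error OrderNotActive();
    error OrderExpired(uint256 deadline, uint256 currentTime);

    mapping(uint256 => Order) public orders;
    uint256 public nextOrderId;

    function createOrder(IERC20 sellToken, uint256 sellAmount, IERC20 payToken, uint256 price, uint256 duration)
        external returns (uint256 id)
    {
        id = nextOrderId++;
        orders[id] = Order(msg.sender, sellToken, sellAmount, payToken, price, block.timestamp + duration, true);
        require(sellToken.transferFrom(msg.sender, address(this), sellAmount), "escrow failed");
    }

    function fillOrder(uint256 id) external {
        Order storage o = orders[id];
        if (!o.active) revert OrderNotActive();
        // Expiry check: assumed boundary is that the deadline instant itself counts as expired.
        if (block.timestamp >= o.deadline) revert OrderExpired(o.deadline, block.timestamp);

        o.active = false; // state change before external calls
        require(o.payToken.transferFrom(msg.sender, o.seller, o.price), "payment failed");
        require(o.sellToken.transfer(msg.sender, o.sellAmount), "delivery failed");
    }
}
```

A regression test for this check would warp the block timestamp past the order's deadline and assert that fillOrder() reverts with the expiry error.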