The system is expected to enforce strict expiry logic — once an order's deadlineTimestamp passes, it should be irreversibly expired and unusable.
The amendSellOrder() function contains a check:
if (block.timestamp >= order.deadlineTimestamp) revert OrderExpired();
However, the isActive flag is never updated when a deadline passes. This means expired orders remain "active" in storage and can be reactivated through amendment.
Normally, once an order's deadlineTimestamp has passed, it is considered expired and should no longer be modifiable or fillable. However, the current logic does not update the isActive flag or cleanly enforce expiration.
This creates a dangerous loophole: expired orders remain "active" and can be amended with new deadlines and prices — effectively resurrecting stale orders, undermining the trust and predictability of time-based expiry.
Likelihood:
Common: Sellers may unknowingly (or maliciously) revive old orders that users assumed expired.
Easy to exploit: Sellers simply call amendSellOrder with a new deadline.
Impact:
Buyers may fill stale orders with outdated terms.
Undermines integrity of the on-chain deadline mechanism.
Possible regulatory or compliance concern in high-value DeFi use.
Explanation: No persistent state tracks that the deadline passed; the order remains amendable forever unless explicitly cancelled or filled.
Enforce strict expiry rules by marking expired orders as inactive across the board. Suggested fix in buyOrder and other flows:
And similarly update getOrderDetailsString, amendSellOrder, and other views to ensure consistent isActive logic.
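One way to keep expiry consistent across amendSellOrder, buyOrder and views, as an added example that is not the audited contract's code: a single liveness rule derived from both isActive and deadlineTimestamp, plus a non-reverting function that persists expiry. Every name other than amendSellOrder, buyOrder, isActive, deadlineTimestamp and OrderExpired is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. Only amendSellOrder, buyOrder,
// isActive, deadlineTimestamp and OrderExpired appear in the finding; all other
// names (ExpiryModel, isLive, onlyLive, expireOrder, ...) are assumptions.
contract ExpiryModel {
    struct Order { address seller; uint256 price; uint256 deadlineTimestamp; bool isActive; }

    error OrderExpired();
    error OrderNotActive();
    error NotSeller();

    mapping(uint256 => Order) public orders;
    uint256 public nextId;

    function createSellOrder(uint256 price, uint256 deadline) external returns (uint256 id) {
        id = nextId++;
        orders[id] = Order(msg.sender, price, deadline, true);
    }

    // One definition of "live", shared by views and state-changing paths.
    function isLive(uint256 id) public view returns (bool) {
        Order storage o = orders[id];
        return o.isActive && block.timestamp < o.deadlineTimestamp;
    }

    modifier onlyLive(uint256 id) {
        if (!orders[id].isActive) revert OrderNotActive();
        if (block.timestamp >= orders[id].deadlineTimestamp) revert OrderExpired();
        _;
    }

    function amendSellOrder(uint256 id, uint256 newPrice, uint256 newDeadline) external onlyLive(id) {
        if (msg.sender != orders[id].seller) revert NotSeller();
        orders[id].price = newPrice;
        orders[id].deadlineTimestamp = newDeadline;
    }

    function buyOrder(uint256 id) external onlyLive(id) {
        orders[id].isActive = false; // filled; settlement is outside this model
    }

    // Persists expiry. It must return normally: a write followed by revert is rolled back.
    function expireOrder(uint256 id) external {
        Order storage o = orders[id];
        if (o.isActive && block.timestamp >= o.deadlineTimestamp) o.isActive = false;
    }
}
```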