OrderBook
First Flight #43
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: high
Invalid

### Sell Order Deadline Can Be Extended Indefinitely, Bypassing Deadline Restrictions

player

Description

In the OrderBook.sol::amendSellOrder function, sellers are allowed to amend their existing sell orders, including updating the deadline. However, the function currently lacks a mechanism to prevent sellers from repeatedly extending the deadline. By calling this function multiple times, a seller can continuously increase the order's deadline without restriction, effectively bypassing the intended maximum deadline constraint.

if (_newDeadlineDuration == 0 || _newDeadlineDuration > MAX_DEADLINE_DURATION) revert InvalidDeadline();
uint256 newDeadlineTimestamp = block.timestamp + _newDeadlineDuration; // @audit Deadline can be extended indefinitely via repeated amendments
IERC20 token = IERC20(order.tokenToSell);

Risk

Because there's no upper bound on the cumulative deadline over multiple amendments, sellers can perpetually delay the expiration of their orders. This undermines the deadline enforcement mechanism intended by the contract.

Likelihood

This issue can be triggered every time a seller invokes the amendSellOrder function and provides a new duration close to the MAX_DEADLINE_DURATION, effectively resetting the deadline over and over.

Impact

The seller can extend the order's deadline indefinitely by repeatedly amending the order with durations just under the maximum allowed. This violates the MAX_DEADLINE_DURATION invariant and allows sell orders to remain active indefinitely, which may have implications for market fairness and gas efficiency.

Proof of Concept

Add the following test case to TestOrderBook.t.sol, and run it using the command:
forge test --mt test_amendSellOrderWithInfiniteDeadline -vvv

function test_amendSellOrderWithInfiniteDeadline() public {
// Alice creates a sell order for WBTC
vm.startPrank(alice);
wbtc.approve(address(book), 2e8);
uint256 aliceId = book.createSellOrder(address(wbtc), 2e8, 180_000e6, 2 days);
vm.stopPrank();
// Fast-forward time by 1 day
vm.warp(block.timestamp + 1 days);
// Alice amends her sell order and extends the deadline
vm.prank(alice);
book.amendSellOrder(aliceId, 1.75e8, 175_000e6, 2.5 days); // Extends the deadline again
string memory aliceOrderDetails = book.getOrderDetailsString(aliceId);
console2.log(aliceOrderDetails);
assert(wbtc.balanceOf(alice) == 0.25e8);
assert(wbtc.balanceOf(address(book)) == 1.75e8);
}

Output

forge test --mt test_amendSellOrderWithInfiniteDeadline -vvv
[⠔] Compiling 41 files with Solc 0.8.26
Compiler run successful!
Ran 1 test for test/TestOrderBook.t.sol:TestOrderBook
[PASS] test_amendSellOrderWithInfiniteDeadline() (gas: 252250)
Logs:
Order ID: 1
Seller: 0xaf6db259343d020e372f4ab69cad536aaf79d0ac
Selling: 175000000 wBTC
Asking Price: 175000000000 USDC
Deadline Timestamp: 302401
Status: Active
Suite result: ok. 1 passed; 0 failed; 0 skipped

Recommended Mitigation

Introduce an additional check in the amendSellOrder function to ensure that the new cumulative deadline does not exceed the MAX_DEADLINE_DURATION from the order’s original creation time or block timestamp.

Example mitigation:

uint256 newDeadlineTimestamp = block.timestamp + _newDeadlineDuration;
+ require(newDeadlineTimestamp + deadlineTimestamp <= MAX_DEADLINE_DURATION, "Exceeded max deadline duration");

This ensures that regardless of how many times the deadline is amended, the total duration never exceeds the predefined maximum.

Updates

Lead Judging Commences

yeahchibyke Lead Judge
4 months ago
yeahchibyke Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.