code-423n4 / 2022-06-putty-findings

5 stars 0 forks source link

The order maker can cancel the order, after it has been filled. #236

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L526-L535

Vulnerability details

Impact

There is no control code in the function cancel() to determine which status can be canceled. If the order maker cancels the order through an attacking contract after it has been filled. There will be ambiguity in contract logic -- a canceled order will still be executed.

Recommended Mitigation Steps

Add order status variable to struct order and add control process.

outdoteth commented 2 years ago

Duplicate: Order can be cancelled even if order was already filled: https://github.com/code-423n4/2022-06-putty-findings/issues/396

HickupHH3 commented 2 years ago

Warden did not submit other issues; this is his QA report