If the order's strike price is 0, then the protocol will not collect a fee.
I don't understand what the issue is here. What is the exploit?
Zero strike options are a feature, and are an accepted derivative: https://fincyclopedia.net/derivatives/z/zero-strike-call-option
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L495-L506
Vulnerability details
Impact
If the order's strike price is 0, then the protocol will not collect a fee.
Proof of Concept
When settling an order on-chain with fillOrder(), if the value of order.strike is 0 then the protocol fee, which is calculated in withdraw(), will equal 0 since it is derived from the order.strike amount.
Additionally, since the library safeTransferLib (which is used to transfer ERC20's) allows transfers of 0 amounts, orders with 0 strike and/or 0 premium values will not revert.
Tools Used
VSCode
Recommended Mitigation Steps
Consider adding require statements in fillOrder() to ensure that order.strike and order.premium are > 0.
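The following is an added example, not PuttyV2 code and not part of the report or its comments. It models a fee derived from the strike next to the recommended non-zero checks; the per-mille fee rate and the contract, struct and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration. Only "the fee is derived from order.strike" and the
/// "strike and premium > 0" checks come from the report; everything else
/// (names, per-mille rate) is assumed for the example.
contract StrikeFeeExample {
    // Assumed fee rate in parts per 1000 (e.g. 30 = 3%).
    uint256 public immutable feeRate;

    // Hypothetical reduced order: just the two fields the report discusses.
    struct Order {
        uint256 strike;
        uint256 premium;
    }

    constructor(uint256 _feeRate) {
        require(_feeRate < 1000, "fee rate too high");
        feeRate = _feeRate;
    }

    /// Fee proportional to the strike, split from the payout.
    /// strike == 0 gives fee == 0 and payout == 0 without reverting.
    /// Integer division also rounds to a zero fee whenever
    /// strike * feeRate < 1000 (e.g. strike = 1, feeRate = 30).
    function settle(Order memory order)
        public
        view
        returns (uint256 fee, uint256 payout)
    {
        fee = (order.strike * feeRate) / 1000;
        payout = order.strike - fee;
    }

    /// The checks recommended in the report for fillOrder().
    /// They reject zero-strike orders outright, and they do not cover
    /// the rounding case above, where a non-zero strike still pays no fee.
    function requireNonZero(Order memory order) public pure {
        require(order.strike > 0, "strike is zero");
        require(order.premium > 0, "premium is zero");
    }
}
```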