Closed code423n4 closed 2 years ago
It's only necessary to save the floorAssetTokenIds in exercise() for a put option since we need to track which floor assets can be withdrawn in withdraw().
It's not necessary to do this for call options that are exercised because their floorTokenIds are saved in fillOrder() so, for call options, we are already tracking which floor assets can be withdrawn in withdraw().
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L447
Vulnerability details
Impact
The flow in exercise() as documented in https://github.com/code-423n4/2022-06-putty/blob/main/contracts/spec/exercise.md expects the "save floor asset token ids to short position" before transfer transactions. However, the call option in https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L422-L443 does not have its floor asset token ids saved to the short position. This means call option floor asset tokens will not have short positions.
Tools Used
Manual review
Recommended Mitigation Steps
Ensure the checks-effects-interactions pattern is implemented as documented.
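The tracking described in the first comment, as an added example: a simplified Python model, not PuttyV2's code and not written by either participant. The class name, the single position id per option, the log and the sample token ids are assumptions made for illustration.

```python
# Simplified, constructed model of the bookkeeping described in the comment.
# All names here are hypothetical; this is not PuttyV2's implementation.
from dataclasses import dataclass, field


@dataclass
class FloorTracker:
    is_call: dict = field(default_factory=dict)   # position id -> option type
    tracked: dict = field(default_factory=dict)   # position id -> floor token ids
    log: list = field(default_factory=list)       # order of saves and transfers

    def fill_order(self, pos, is_call, floor_ids=()):
        self.is_call[pos] = is_call
        if is_call:
            # Call: the floor token ids are known at fill time, so save them here.
            self.tracked[pos] = list(floor_ids)
            self.log.append(("save", pos))

    def exercise(self, pos, floor_ids=()):
        if not self.is_call[pos]:
            # Put: the ids first appear at exercise; save them before any transfer.
            self.tracked[pos] = list(floor_ids)
            self.log.append(("save", pos))
        # Call: nothing to save, fill_order() already recorded the ids.
        self.log.append(("transfer", pos))

    def withdraw(self, pos):
        # withdraw() relies only on what an earlier step saved.
        return list(self.tracked.get(pos, []))


def demo():
    t = FloorTracker()
    t.fill_order("call-1", is_call=True, floor_ids=[7, 9])  # constructed ids
    t.fill_order("put-1", is_call=False)
    put_before_exercise = t.withdraw("put-1")
    t.exercise("call-1")
    t.exercise("put-1", floor_ids=[3])
    return put_before_exercise, t.withdraw("call-1"), t.withdraw("put-1"), t.log


if __name__ == "__main__":
    print(demo())
```

In this model every position has its floor token ids saved before its transfer is logged, with the save happening in a different function for calls than for puts.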