outdoteth
commented
2 years ago Short call with floorTokens will result in a revert when exercising: https://github.com/code-423n4/2022-06-putty-findings/issues/369
Closed code423n4 closed 2 years ago
outdoteth
commented
2 years ago Short call with floorTokens will result in a revert when exercising: https://github.com/code-423n4/2022-06-putty-findings/issues/369
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L268-L380
Vulnerability details
The solution is not supporting maker shorting a call of
NfloorToken (although platform declare it support all four types: short\long call\put)Proof of Concept
Exercising an option is done one-sided by the long taker, at this point the floorToken(s) should be transferred to him, but maker does not have the chance to specify what token_id(s) he want to use as 'floor' (the cheapest). no code to collateralize the maker possition is present in the solution.
Discussing with developers over DM on discord - verifies that shorting a call with floorToken is currently impossible.
Recommended Mitigation Steps
Maker can be collateralize with any
Nitems from the collection, and have a chance to later send the cheapest, in replace of the collateral. In this manner, the collateral is guaranteed to cover theNfloorTokens - in the worst case the most cheap items are the collateral itself. If maker is not sending cheaper items in the agreed time period - the taker can just take theNcollateralized items.