Closed code423n4 closed 2 years ago
Why would a user willingly accept a malicious order?
Duplicate: Setting malicious or invalid erc721Assets, erc20Assets or floorTokens prevents the option from being exercised: https://github.com/code-423n4/2022-06-putty-findings/issues/50
Why would a user willingly accept a malicious order?
Because FOMO and... you know, problem between keyboard and chair :p
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L268
Vulnerability details
Impact
Since both strike and premium amount can be zero, a malicious user can create an order with malicious tokens which are free to grab.
Proof of Concept
Recommended Mitigation Steps
Ensure both strike amount and premium amount are greater than 0.