jennifer37 - Wrong order expired timestamp calculation

[sherlock-admin]

jennifer37

medium

Wrong order expired timestamp calculation

Summary

Wrong order expired timestamp calculation

Vulnerability Detail

In FlatcoinVault's description, maxExecutabilityAge means maximum amount of time that can expire between trade announcement and execution.

• Alice announces one order in timestampA. The expected expired timestamp should be timestampA + maxExecutabilityAge
• executableAtTime is marked at timestampA + minExecutabilityAge
• In Function hasOrderExpired(), we calculate executableAtTime + maxExecutabilityAge as the expired timestamp, which is larger than expected expired timestamp.

Impact

Unexpected order expired check compared with origin design.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L674-L680

Tool used

Manual Review

Recommendation

Duplicate of #165

[sherlock-admin]

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid