In FlatcoinVault's description, maxExecutabilityAge means maximum amount of time that can expire between trade announcement and execution.
Alice announces one order in timestampA. The expected expired timestamp should be timestampA + maxExecutabilityAge
executableAtTime is marked at timestampA + minExecutabilityAge
In Function hasOrderExpired(), we calculate executableAtTime + maxExecutabilityAge as the expired timestamp, which is larger than expected expired timestamp.
Impact
Unexpected order expired check compared with origin design.
jennifer37
medium
Wrong order expired timestamp calculation
Summary
Wrong order expired timestamp calculation
Vulnerability Detail
In FlatcoinVault's description, maxExecutabilityAge means maximum amount of time that can expire between trade announcement and execution.
Impact
Unexpected order expired check compared with origin design.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L674-L680
Tool used
Manual Review
Recommendation
Duplicate of #165