Closed sherlock-admin closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid: that's to ensure the order does not expire
Invalid, intended functionality to only count executability time expiration from end of minimum time onwards.
ydlee
medium
The end time of the order's executability age is calculated incorrectly.
Summary
The end time of the order's executability age is calculated incorrectly; as a result, the order's executability age gets unexpectedly extended.
Vulnerability Detail
The ending time of the order's executability is calculated by `executableAtTime + vault.maxExecutabilityAge()`, which is wrong.
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L650-L658
As shown in FlatcoinVault.sol#L30-L34, `minExecutabilityAge` and `maxExecutabilityAge` are both the amount of time expired between trade announcement and execution.
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L30-L34
While the order's `executableAtTime` is calculated by announcement block timestamp plus `minExecutabilityAge` (DelayedOrder.sol#L646), its ending time should be `executableAtTime + vault.maxExecutabilityAge() - vault.minExecutabilityAge()` instead.
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L646
Impact
Order's executability age gets unexpectedly extended.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L650-L658
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L30-L34
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L646
Tool used
Manual Review
Recommendation
In function `_prepareExecutionOrder`, calculate the ending executability age of an order as `executableAtTime + vault.maxExecutabilityAge() - vault.minExecutabilityAge()`.
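An added example, not part of the report or of the project's code: a small Python model of the two expiry expressions quoted in this issue, which computes the range of timestamps where they give different answers. The reading labels, the inclusive bounds and all numeric values are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Hypothetical labels for the two expiry expressions quoted in the issue.
FROM_EXECUTABLE = "from_executable"      # executableAtTime + maxExecutabilityAge
FROM_ANNOUNCEMENT = "from_announcement"  # ... + maxExecutabilityAge - minExecutabilityAge


@dataclass(frozen=True)
class VaultConfig:
    min_executability_age: int  # seconds
    max_executability_age: int  # seconds


def executable_at_time(announced_at: int, cfg: VaultConfig) -> int:
    # Announcement timestamp plus the minimum age, as the report describes.
    return announced_at + cfg.min_executability_age


def expiry(announced_at: int, cfg: VaultConfig, reading: str) -> int:
    start = executable_at_time(announced_at, cfg)
    if reading == FROM_EXECUTABLE:
        return start + cfg.max_executability_age
    if reading == FROM_ANNOUNCEMENT:
        if cfg.max_executability_age < cfg.min_executability_age:
            # Unsigned arithmetic cannot represent this difference.
            raise ValueError("max age below min age: window would be negative")
        return start + cfg.max_executability_age - cfg.min_executability_age
    raise ValueError(f"unknown reading: {reading}")


def can_execute(now: int, announced_at: int, cfg: VaultConfig, reading: str) -> bool:
    # Inclusive bounds are an assumption of this model.
    return executable_at_time(announced_at, cfg) <= now <= expiry(announced_at, cfg, reading)


def disputed_interval(announced_at: int, cfg: VaultConfig):
    """Inclusive timestamp range where the two readings disagree, or None."""
    lo = expiry(announced_at, cfg, FROM_ANNOUNCEMENT) + 1
    hi = expiry(announced_at, cfg, FROM_EXECUTABLE)
    return (lo, hi) if lo <= hi else None


if __name__ == "__main__":
    cfg = VaultConfig(min_executability_age=10, max_executability_age=60)  # constructed values
    print(disputed_interval(1_000, cfg))
```

The disputed range is exactly `minExecutabilityAge` seconds long, so it is empty when the minimum age is zero.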