search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

Afriauditor - In the FlatcoinVault.setExecutabilityAge add an extra check #280

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 8 months ago

Afriauditor

medium

In the FlatcoinVault.setExecutabilityAge add an extra check

Summary

In FlatcoinVault.setExecutabilityAge add extra check to ensure that _maxExecutabilityAge is greater than _maxExecutabilityAge

Vulnerability Detail

/// @notice The minimum time that needs to expire between trade announcement and execution. uint64 public minExecutabilityAge;

/// @notice The maximum amount of time that can expire between trade announcement and execution.
uint64 public maxExecutabilityAge;

both parameters check time expiration from trade announcement time. mix up of this value will lead to execuitablilty period being 0 thus affecting trade execution

Impact

DoS as a lack of execuitability period will hinder trade execution

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L417

Tool used

Manual Review

Recommendation

add if (_maxExecutabilityAge < minExecutabilityAge ) revert

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 7 months ago

Same reasonings as #109