Platform: Code4rena
Start Date: 29/06/2022
Pot Size: $50,000 USDC
Total HM: 20
Participants: 133
Period: 5 days
Judge: hickuphh3
Total Solo HM: 1
Id: 142
League: ETH
Rank: 41/133
Findings: 2
Award: $131.53
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: codexploder
Also found by: ACai, Critical, cccz, horsefacts, ignacio, shenwilly, unforgiven, xiaoming90
110.3615 USDC - $110.36
It should add require(order.duration > 0); into the fillOrder function. Because while order.duration == 0, the order is meaningless.
#0 - outdoteth
2022-07-07T19:16:24Z
It should add require(order.duration > 0); into the fillOrder function. Because while order.duration == 0, the order is meaningless.
Duplicate: Orders with low durations can be easily DOS’d and prevent possibility of exercise: https://github.com/code-423n4/2022-06-putty-findings/issues/265
#1 - HickupHH3
2022-07-15T02:54:56Z
dup of #107
🌟 Selected for report: GalloDaSballo
Also found by: 0v3rf10w, 0x1f8b, 0xA5DF, 0xDjango, 0xHarry, 0xKitsune, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, 0xsanson, ACai, Aymen0909, Bnke0x0, BowTiedWardens, Chom, ElKu, Fitraldys, Funen, Haruxe, Hawkeye, IllIllI, JC, JohnSmith, Kaiziron, Kenshin, Lambda, Limbooo, MadWookie, Metatron, MiloTruck, Picodes, PwnedNoMore, Randyyy, RedOneN, ReyAdmirado, Ruhum, Sm4rty, StErMi, StyxRave, TerrierLover, TomJ, Tomio, UnusualTurtle, Waze, Yiko, _Adam, __141345__, ajtra, ak1, apostle0x01, asutorufos, c3phas, cRat1st0s, catchup, codetilda, cryptphi, datapunk, defsec, delfin454000, durianSausage, exd0tpy, fatherOfBlocks, gogo, grrwahrr, hake, hansfriese, horsefacts, ignacio, jayfromthe13th, joestakey, ladboy233, m_Rassska, mektigboy, minhquanym, mrpathfindr, natzuu, oyc_109, rajatbeladiya, reassor, rfa, robee, rokinot, sach1r0, saian, sashik_eth, simon135, slywaters, swit, z3s, zeesaw, zer0dot
21.1705 USDC - $21.17
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L556-L559
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L594-L602
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L611-L613
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L627-L629
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L637-L639
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L647-L649
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L728-L733
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L742-L747
change
    for (uint256 i = 0; i < orders.length; i++) {
        positionIds[i] = fillOrder(orders[i], signatures[i], floorAssetTokenIds[i]);
    }
into
    uint256 len = orders.length;
    for (uint256 i = 0; i < len; ++i) {
        positionIds[i] = fillOrder(orders[i], signatures[i], floorAssetTokenIds[i]);
    }

    // or

    uint256 len = orders.length;
    for (uint256 i = 0; i < len;) {
        positionIds[i] = fillOrder(orders[i], signatures[i], floorAssetTokenIds[i]);
        unchecked { ++i; }
    }
exercise, withdraw, batchFillOrder, acceptCounterOffer, domainSeparatorV4, tokenURI