Platform: Code4rena
Start Date: 29/06/2022
Pot Size: $50,000 USDC
Total HM: 20
Participants: 133
Period: 5 days
Judge: hickuphh3
Total Solo HM: 1
Id: 142
League: ETH
Rank: 46/133
Findings: 1
Award: $110.36
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: codexploder
Also found by: ACai, Critical, cccz, horsefacts, ignacio, shenwilly, unforgiven, xiaoming90
110.3615 USDC - $110.36
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L287
A malicious maker can set the minimum order duration to 0, which means the order expires instantly after being filled. The taker gets only the withdraw option, and that too with fees on the strike price, forcing the taker to lose money in this meaningless transaction.
1. Maker creates an order with zero order duration.
2. Taker fills this order, but the order instantly expires since the duration was 0.
3. The taker's only option is to withdraw, with fees on the strike price.
Enforce at least x days of duration
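The timing problem in the steps above and the suggested minimum-duration check, as a small Python model added here for illustration (not code from PuttyV2 or from the report). The class and function names, the 3% fee rate, the 1-day floor, and the sample timestamp are all assumptions.

```python
from dataclasses import dataclass

FEE_BPS = 300          # assumed fee rate (3%), taken from the strike on withdraw
MIN_DURATION = 86_400  # assumed floor of 1 day; the report leaves "x" open

@dataclass
class Order:
    strike: int    # strike amount in token base units
    duration: int  # seconds the option stays exercisable after the fill

class OptionBook:
    """Toy model of fill / exercise / withdraw timing (hypothetical names)."""

    def __init__(self, enforce_min_duration):
        self.enforce_min_duration = enforce_min_duration
        self.expiration = {}  # order id -> timestamp at which the order expires

    def fill(self, oid, order, now):
        # Mitigation: reject orders that cannot stay open for a useful period.
        if self.enforce_min_duration and order.duration < MIN_DURATION:
            raise ValueError("Duration too short")
        self.expiration[oid] = now + order.duration

    def can_exercise(self, oid, now):
        # Exercise is only possible strictly before expiration.
        return now < self.expiration[oid]

    def withdraw(self, oid, order, now):
        if now < self.expiration[oid]:
            raise ValueError("Not expired")
        fee = order.strike * FEE_BPS // 10_000
        return order.strike - fee, fee

def simulate(duration, enforce_min_duration, strike=1_000_000, now=1_656_460_800):
    """Fill an order and report what is possible in the same block.

    strike and now are constructed sample values.
    """
    book, order = OptionBook(enforce_min_duration), Order(strike, duration)
    try:
        book.fill(1, order, now)
    except ValueError as exc:
        return {"filled": False, "reason": str(exc)}
    exercisable = book.can_exercise(1, now)
    payout, fee = (None, None) if exercisable else book.withdraw(1, order, now)
    return {"filled": True, "exercisable": exercisable, "payout": payout, "fee": fee}

if __name__ == "__main__":
    print(simulate(0, enforce_min_duration=False))  # expired at fill time
    print(simulate(0, enforce_min_duration=True))   # rejected by the guard
```

With the guard off, a zero-duration order is already expired in the block it is filled, so withdraw is the only path and the fee is deducted; with the guard on, the fill is rejected before any funds move.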
#0 - outdoteth
2022-07-06T19:44:07Z
Duplicate: Orders with low durations can be easily DOS’d and prevent possibility of exercise: https://github.com/code-423n4/2022-06-putty-findings/issues/265
#1 - outdoteth
2022-07-15T10:26:56Z
PR with fix: https://github.com/outdoteth/putty-v2/pull/7