fillOrder
allow the order to have order.premium == 0
#203
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
duplicate
This issue or pull request already exists
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/src/PuttyV2.sol#L268-L380
Vulnerability details
Impact
The
premium
property of an order define the amount of ETH/ERC20 (it depends onorder.baseAsset
) that the "longer" user has to send to the "shorter" user.Currently, the contract allow having orders with
premium == 0
. This mean that the "shorter" will not be paid to provide the option.Without a premium, the "longer" could use interact with the contract without having anything to lose (they just need to wait for the option to expire).
Proof of Concept
fillOrder()
Tools Used
Manual review + forge test. Here is the test to showcase this issue
Recommended Mitigation Steps
Prevent the user to create off-chain orders with
premium == 0
.Consider adding a check on
fillOder
that will revert iforder.premium == 0
.The text was updated successfully, but these errors were encountered: