Description

The contracts support a quarterly buyback mechanism where users (particularly large investors or institutions) can deposit USDz along with an asking price. Users must set a minimum lock time (expirationTime) for their offer. The current implementation allows users to cancel their offer and withdraw USDz once the expirationTime has passed. However, the fillOffer function does not check whether an offer has expired before attempting to fulfill it.

If a stale order (an order past its expirationTime) is filled, this can lead to incorrect or unintended protocol behavior.

Impact

Fulfilling a stale order can create inconsistencies and potential financial risks for users and the protocol. While most users are expected to set their offer price at 1 USDC, this issue may affect users setting prices lower than 1 USDC.

Recommendations

Add an expirationTime check to the fillOffer function to ensure that only valid, non-expired offers are filled. This change aligns with the expected protocol behavior and safeguards against filling stale orders.

Remediation

This issue has been acknowledged by Anzen Labs Inc., and a fix was implemented in commit b04094a9↗.