Orders with forever durations presented an interesting "attack vector" by which someone watching our books could have made a copy of all the orders, allowing them to wait to fill certain orders after significant favorable price movements.


It's highly unlikely this would happen as quite a few factors would have to align for this attack vector to occur. However, we decided it was safest to simply remove the option of forever order durations. 


Example


User A places a sell order on our book with a duration of forever for 100 ZRX at a price of .0015 ETH. They forget about this order and remove the ZRX from their wallet pruning this order from our books.


User B makes a copy of this order before it is pruned and watches the User A's address. 


Some time passes and the market price of ZRX is now .002 ETH. User A transfers 100 ZRX back into that wallet forgetting about the forever order they placed. This makes that order valid again.


User B sees that User A refunded the order making it valid and now passes the order into the 0x contracts to fill it at the old price of .0015 ETH, immediately realizing a profit of the difference between the current market price and the order price.


What should I do if I placed a forever order?


If you are worried about this potential attack, visit the account page on Radar and cancel any forever orders you have. Because this isn't necessarily time-sensitive feel free to use the "safeLow" gas price to minimize the cost of canceling.