Orders with forever durations presented an interesting "attack vector" by which someone watching our books could have made a copy of all the orders, allowing them to wait to fill certain orders after significant favorable price movements.
It's highly unlikely this would happen as quite a few factors would have to align for this attack vector to occur. However, we decided it was safest to simply remove the option of forever order durations.
User A places a sell order on our book with a duration of forever for 100 ZRX at a price of .0015 ETH. They forget about this order and remove the ZRX from their wallet pruning this order from our books.
User B makes a copy of this order before it is pruned and watches the User A's address.
Some time passes and the market price of ZRX is now .002 ETH. User A transfers 100 ZRX back into that wallet forgetting about the forever order they placed. This makes that order valid again.
User B sees that User A refunded the order making it valid and now passes the order into the 0x contracts to fill it at the old price of .0015 ETH, immediately realizing a profit of the difference between the current market price and the order price.
What should I do if I placed a forever order?
If you are worried about this potential attack, visit the account page on Radar and cancel any forever orders you have. Because this isn't necessarily time-sensitive feel free to use the "safeLow" gas price to minimize the cost of canceling.