Platform: Code4rena
Start Date: 20/05/2022
Pot Size: $1,000,000 USDC
Total HM: 4
Participants: 59
Period: 14 days
Judge: leastwood
Id: 128
League: ETH
Rank: 21/59
Findings: 2
Award: $2,429.38
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Spearbit
Also found by: 0xsanson, Chom, IllIllI, OriDabush, Saw-mon_and_Natalie, broccoli, cccz, cmichel, csanuragjain, foobar, hack3r-0m, hickuphh3, hubble, hyh, ilan, kebabsec, mayo, oyc_109, peritoflores, rfa, scaraven, sces60107, shung, sorrynotsorry, tintin, twojoy, zkhorse, zzzitron
1993.642 USDC - $1,993.64
Missing 0 address check when setting address in contracts.
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/conduit/ConduitController.sol#L57-L94
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/conduit/ConduitController.sol#L118-L127
None
Add 0 address check
#0 - HardlyDifficult
2022-06-19T17:44:06Z
#1 - HardlyDifficult
2022-06-20T13:44:51Z
#2 - HardlyDifficult
2022-06-26T18:07:32Z
Missing 0 address check
Related to comment in https://github.com/code-423n4/2022-05-opensea-seaport-findings/issues/56
TokenTransferrer: to is unchecked in _performERC721Transfer(), which can cause user's NFT to be frozen
See comments in https://github.com/code-423n4/2022-05-opensea-seaport-findings/issues/19
There is no Support For The Trading of Cryptopunks
See comments in #44
🌟 Selected for report: Dravee
Also found by: 0x1f8b, 0x29A, 0xalpharush, Chom, Czar102, Hawkeye, IllIllI, MaratCerby, MiloTruck, NoamYakov, OriDabush, RoiEvenHaim, Spearbit, Tadashi, TerrierLover, TomJ, asutorufos, cccz, cmichel, csanuragjain, defsec, delfin454000, djxploit, ellahi, foobar, gzeon, hake, hickuphh3, ignacio, ilan, joestakey, kaden, mayo, ming, oyc_109, peritoflores, rfa, sach1r0, sashik_eth, shung, sirhashalot, twojoy, zer0dot, zkhorse
435.7397 USDC - $435.74
The _verifyOrderStatus function will be called before _orderStatus[orderHash].isCancelled is set to false. Since the _verifyOrderStatus function requires isCancelled to be false, _orderStatus[orderHash].isCancelled = false can be omitted.
    function _verifyOrderStatus(
        bytes32 orderHash,
        OrderStatus memory orderStatus,
        bool onlyAllowUnused,
        bool revertOnInvalid
    ) internal pure returns (bool valid) {
        // Ensure that the order has not been cancelled.
        if (orderStatus.isCancelled) {
            // Only revert if revertOnInvalid has been supplied as true.
            if (revertOnInvalid) {
                revert OrderIsCancelled(orderHash);
            }

            // Return false as the order status is invalid.
            return false;
        }
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L71-L72
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L227-L228
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L236-L237