code-423n4 / 2022-05-opensea-seaport-findings

1 stars 0 forks source link

QA Report #113

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

QA Report

An order can be cancelled more than once

OrderValidator._cancel does not check if an order is already cancelled. This can cause OrderCancelled event to emit more than once for the same order. Consider either throwing when _cancel is called on an already cancelled order, or wrapping the event emission with an if statement.

Typos

OrderCombiner.sol:L365: revertOnValid → revertOnInvalid
ConsiderationStructs.sol:L68: an → and

HardlyDifficult commented 2 years ago

Merging with https://github.com/code-423n4/2022-05-opensea-seaport-findings/issues/155

HardlyDifficult commented 2 years ago

An order can be cancelled more than once

It does not seem harmful to allow orders to be canceled multiple times. However it may be worth considering to avoid confusion. It's pretty common for users to fire the same transaction multiple times, not realizing that there is a delay before the first transaction is mined.

Typos

It is nice to fix typos..

ERC721_WITH_CRITERIA items with an endAmount greater than 1 are problematic

See comments in https://github.com/code-423n4/2022-05-opensea-seaport-findings/issues/155