search

code-423n4 / 2022-05-opensea-seaport-findings

1 stars 0 forks source link

`nonce` may cause user misunderstanding #117

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/lib/Consideration.sol#L463-L466

Vulnerability details

Impact

In cryptography, a nonce is a number that should be used just once in a communication. According to that, nonce should be increased after creating a new order. Which means that the nonce should be used just once. But that is obviously not the case in Seaport.

Therefore, users who learn the meaning of nonce from cryptography may misunderstand the meaning of nonce in Seaport. They may call incrementNonce() before creating a new order. Then the previous orders all become invalid. But they won’t notice the change. The offer items could be frozen.

Proof of Concept

  1. Alice creates an order, then puts it on a marketplace.
  2. Alice wants to create a new order. She believes that the nonce should be only used once. So she calls incrementNonce() to increase the nonce.
  3. Now the previous order is accidentally canceled. And Alice won’t notice that until someone tries to fulfill her order and tell her that the order is invalid.

Tools Used

None

Recommended Mitigation Steps

Change nonce to epoch or other word that won’t cause misunderstanding.

0age commented 2 years ago

This is a good point about the term being misleading, but the finding (orders becoming "frozen") is odd and definitely not medium-severity.

HardlyDifficult commented 2 years ago

Merging with the warden's QA report https://github.com/code-423n4/2022-05-opensea-seaport-findings/issues/123