Open code423n4 opened 2 years ago
While the warden's issue is mostly correct, the proposed fix is slightly incorrect. I think `cost += (returnDataWords - msizeWords)*CostPerWord + (returnDataWords - msizeWords)**2 / MemoryExpansionCoefficient` makes more sense. The issue really only affects how revert messages are bubbled up to the caller.
Memory Expansion Calculation is Incorrect
Code used to calculate memory expansion cost is inconsistent with equation 326 in the Ethereum Yellow Paper.
The code uses the following equation to calculate cost:
`cost += (returnDataSize-memorySize)/costPerWord + (returnDataSize**2 - memorySize**2)/memoryExpansionCoefficient`
The equation should instead be:
`cost += (returnDataSize-memorySize)/costPerWord + (returnDataSize - memorySize)**2/memoryExpansionCoefficient`
This can cause the expansion cost to be overestimated and cause more generic errors to be reported instead of specific ones.
The affected lines are: https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/TokenTransferrer.sol#L100-L121
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/TokenTransferrer.sol#L409-L424
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/LowLevelHelpers.sol#L66-L78
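An added example (not part of the report or of the Seaport code base) that evaluates the two quadratic expressions discussed above against the Yellow Paper memory cost function C_mem(a) = G_memory * a + floor(a^2 / 512), using the multiplicative per-word term. The function names and sample word counts are constructed for illustration; the constants 3 and 512 are the Yellow Paper values.

```python
"""Compare two expansion-cost expressions with the Yellow Paper definition."""

G_MEMORY = 3        # Yellow Paper G_memory: gas per 32-byte word
QUAD_DIVISOR = 512  # divisor of the quadratic term in C_mem


def c_mem(words: int) -> int:
    """Total memory cost for `words` active words: G_memory*a + floor(a^2/512)."""
    return G_MEMORY * words + words * words // QUAD_DIVISOR


def reference_expansion(msize_words: int, return_data_words: int) -> int:
    """Gas charged for growing memory: C_mem(new) - C_mem(old), never negative."""
    return max(0, c_mem(return_data_words) - c_mem(msize_words))


def difference_of_squares(msize_words: int, return_data_words: int) -> int:
    """Linear term plus (new^2 - old^2) / 512."""
    if return_data_words <= msize_words:
        return 0
    grow = return_data_words - msize_words
    quad = (return_data_words ** 2 - msize_words ** 2) // QUAD_DIVISOR
    return grow * G_MEMORY + quad


def squared_difference(msize_words: int, return_data_words: int) -> int:
    """Linear term plus (new - old)^2 / 512."""
    if return_data_words <= msize_words:
        return 0
    grow = return_data_words - msize_words
    return grow * G_MEMORY + grow ** 2 // QUAD_DIVISOR


def worst_gap(formula, max_words: int) -> int:
    """Largest (reference - formula) over all 0 <= old < new <= max_words."""
    return max(
        reference_expansion(old, new) - formula(old, new)
        for new in range(1, max_words + 1)
        for old in range(new)
    )


if __name__ == "__main__":
    for old, new in [(10, 100), (20, 30), (128, 256)]:  # constructed sizes
        print(old, new, reference_expansion(old, new),
              difference_of_squares(old, new), squared_difference(old, new))
    print("worst gap, difference of squares:", worst_gap(difference_of_squares, 256))
    print("worst gap, squared difference:", worst_gap(squared_difference, 256))
```

For the constructed sizes of 10 and 100 words the reference cost is 289 gas; the difference-of-squares expression also gives 289 (integer division can leave it 1 gas short for other sizes), while the squared-difference expression gives 285.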