Closed code423n4 closed 1 year ago
Disagree with all points.
0.8.13 may be one of the most stable Solidity releases
address(0) are never used in the codebase and the sponsor is a proponent of that
Natspec is always optional
The bar for QA reports in this contest is at least 2 valid non-critical findings or at least one valid low risk finding. Per the comments above, this submission is below that bar -- closing as invalid.
Low
[L-01]
Impact
Using the latest versions of Solidity might make contracts susceptible to undiscovered compiler bugs. All contracts in scope are currently using Solidity version 0.8.13.
Recommendation
Consider using Solidity version 0.8.4-0.8.7 to avoid unexpected bugs.
[L-02] Missing checks for address(0) when transferring tokens/eth.
Impact
Address type parameters should include a zero-address check otherwise contract functionality may become inaccessible or tokens burnt forever.
Proof of Concept
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/Executor.sol#L222-L224
Recommendation
Add address(0) check.
Non-Critical
[N-01] Missing Natspec
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/GettersAndDerivers.sol#L281-L287
Missing @return tag.
Tools Used
Manual.