Closed code423n4 closed 2 years ago
This is checked elsewhere, specifically when asserting that all criteria-based items have been fully resolved.
The _applyCriteriaResolvers
function will replace ERC721_WITH_CRITERIA
with ERC721
-- downstream of this function ERC721_WITH_CRITERIA
is no longer a valid value to check for.
Lines of code
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/Executor.sol#L85-L96
Vulnerability details
Impact
Transaction can revert or have unexpected behaviour
Poc
In
_transfer#executor.sol
you are checking Itemtype valuesItemtype.NATIVE
,Itemtype.ERC20
andItemtype.ERC721
after then the last else clause assumes that the Itemtype is a ERC1155.However the definition of the struct is
That means you forgot two important options that can make revert your transaction for example it someone set
ERC721_WITH_CRITERIA
In any case this is a bad practice because the contract will assumes every number higher than 3 to be ERC1155.Recommendation
Add proper checks in else clause.