Open code423n4 opened 2 years ago
I've identified that this issue and all of its duplicates clearly outline how an attacker might overflow an order to continually fulfill an order at the same market price.
An instance where this issue might cause issues is during a restricted token sale. A relevant scenario is detailed as follows:
OrderValidator
, the order fulfillment can be reset to allow the public to more than 50% of the total token supply.For these reasons, I believe this issue to be of high severity because it breaks certain trust assumptions made by the protocol and its userbase. By intentionally forcing a user to sell additional tokens, you are effectively altering the allocation of their wallet holdings, potentially leading to further funds loss as they may incur slippage when they have to sell these tokens back.
A great finding from all involved!
Per @0age resolved via: https://github.com/ProjectOpenSea/seaport/pull/319
Lines of code
https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L228 https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L231 https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L237 https://github.com/code-423n4/2022-05-opensea-seaport/blob/4140473b1f85d0df602548ad260b1739ddd734a5/contracts/lib/OrderValidator.sol#L238
Vulnerability details
Impact
A partial order's fractions (
numerator
anddenominator
) can be reset to0
due to a truncation. This can be used to craft malicious orders:marketplaceContract
.PARTIAL_OPEN
order with 10 ERC1155 tokens and consideration of ETH.1 / 2
, Bob provides2**118 / 2**119
. This sets thetotalFilled
to2**118
andtotalSize
to2**119
.1 / 10
. The computation2**118 / 2**119 + 1 / 10
is done by "cross multiplying" the denominators, leading to the acutal fraction beingnumerator = (2**118 * 10 + 2**119)
anddenominator = 2**119 * 10
.uint120
truncation in OrderValidator.sol#L228-L248, thenumerator
anddenominator
are truncated to0
and0
respectively.Proof of Concept
For a full POC: https://gist.github.com/hrkrshnn/7c51b23f7c43c55ba0f8157c3b298409
The following change would make the above POC fail:
Tools Used
Manual review
Recommended Mitigation Steps
A basic fix for this would involve adding the above checks for overflow / truncation and reverting in that case. However, we think the mechanism is still flawed in some respects and require more changes to fully fix it. See a related issue: "A malicious filler can fill a partial order in such a way that the rest cannot be filled by anyone" that points out a related but a more fundamental issue with the mechanism.