Closed code423n4 closed 2 years ago
duplicate and already commented on
The comment from 0age on the duplicate report:
This is not a valid finding; yes the number of transfers you can execute is capped by the block limit but setting an arbitrary cap would have the same effect (i.e. transaction would revert) but without as much headroom for additional transfers.
Agree with the sponsor that imposing a limit would be arbitrary and still lead to the same problem. It's not clear this is actionable feedback.
Lines of code
https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/conduit/Conduit.sol#L52-L81 https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/conduit/Conduit.sol#L117-L148
Vulnerability details
Impact
execute() and executeWithBatch1155() are external functions. Both functions run for loops, boundary of which are determined by the function arguments. Anytime there's a loop where the input comes from an external source there's the possibility of unbounded looping.
Proof of Concept
https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/conduit/Conduit.sol#L52-L81
https://github.com/code-423n4/2022-05-opensea-seaport/blob/main/contracts/conduit/Conduit.sol#L117-L148
Reference: https://consensys.github.io/smart-contract-best-practices/attacks/denial-of-service/#dos-with-block-gas-limit
Tools Used
Manual review
Recommended Mitigation Steps
I suggest to limit the max number the loops can run. If the required iteration is greater than the limit, force it to take multiple transactions, or revert the function with a message indicating the reason.