0age
commented
1 year ago contested; we use _CHAIN_ID to compare against block.chainid so that we can recompute the domain separator if they differ
Closed code423n4 closed 1 year ago
0age
commented
1 year ago contested; we use _CHAIN_ID to compare against block.chainid so that we can recompute the domain separator if they differ
HickupHH3
commented
1 year ago Working exactly as intended.
c4-judge
commented
1 year ago HickupHH3 marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/ProjectOpenSea/seaport/blob/5de7302bc773d9821ba4759e47fc981680911ea0/contracts/lib/ConsiderationBase.sol#L70
Vulnerability details
Impact
problem with using block.chainid is it can change over time in the same network. This means that the value stored in _CHAIN_ID may not always be accurate, and can cause issues if the contract relies on this value for any critical functionality.
Proof of Concept
for ex, if a contract uses block.chainid to check if it is running on a specific network, the check will fail if the network's chain ID is changed. This can cause the contract to malfunction or make incorrect decisions, leading to potential loss of funds or other problems.
Tools Used
Recommended Mitigation Steps
A better approach would be to use the chainId() function, which is more reliable and does not change over time in the same network.