Closed code423n4 closed 1 year ago
contested; this is implied by the following description in the natspec for this function, as this check has already been applied "upstream":
Note that this function expects that the startTime parameter of orderParameters is not greater than the current block timestamp and that the endTime parameter is greater than the current block timestamp. If this condition is not upheld, duration / elapsed / remaining variables will underflow.
Agreed. Function natspec explicitly mentions the conditions for the inputs.
HickupHH3 marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/ProjectOpenSea/seaport/blob/c30dd90272609677606f03f9c885466f15e891eb/contracts/lib/AmountDeriver.sol#L55
Vulnerability details
Impact
In the _locateCurrentAmount function, there is an assembly operation that is dividing by duration without a zero check, which could cause a division by zero error.
Proof of Concept
// Check for division by zero
}
Tools Used
VS Code
Recommended Mitigation Steps
mentioned in POC
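The precondition argument from the comments above, as an added Python model (not Seaport's Solidity code and not part of the original issue). It assumes linear interpolation for the amount and a hypothetical upstream check named `verify_time`, and models the EVM semantics that unchecked subtraction wraps and that `DIV` by zero returns 0.

```python
# Added illustration: a Python model, not Seaport's Solidity source.
U256 = 1 << 256  # uint256 modulus


def evm_sub(a, b):
    """Unchecked uint256 subtraction: wraps around instead of reverting."""
    return (a - b) % U256


def evm_div(a, b):
    """EVM DIV opcode: a zero divisor yields 0, it does not revert."""
    return 0 if b == 0 else a // b


def verify_time(start_time, end_time, now):
    """Hypothetical upstream check for the NatSpec precondition."""
    return start_time <= now < end_time


def locate_current_amount(start_amount, end_amount, start_time, end_time,
                          now, round_up=False):
    """Assumed linear interpolation; trusts the caller to have checked time."""
    if start_amount == end_amount:
        return end_amount  # no division happens on this path
    duration = evm_sub(end_time, start_time)
    elapsed = evm_sub(now, start_time)
    remaining = evm_sub(duration, elapsed)
    # Assumption: the multiply-and-add is checked arithmetic and reverts.
    total = start_amount * remaining + end_amount * elapsed
    if total >= U256:
        raise OverflowError("checked arithmetic would revert")
    amount = evm_div(total, duration)
    if round_up and duration and total % duration:
        amount += 1
    return amount


def derive(start_amount, end_amount, start_time, end_time, now,
           round_up=False):
    """Validate the time window first, then derive the amount."""
    if not verify_time(start_time, end_time, now):
        raise ValueError("order is not active")
    return locate_current_amount(start_amount, end_amount, start_time,
                                 end_time, now, round_up)
```

With the check in place, `start_time <= now < end_time` forces `end_time > start_time`, so the divisor is never zero on the validated path. Calling `locate_current_amount` directly with equal timestamps returns 0 silently in this model, which is why the precondition has to be enforced by the caller.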