search

code-423n4 / 2023-01-opensea-findings

0 stars 0 forks source link

SWC-109 Uninitialized Storage Pointer #46

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/ProjectOpenSea/seaport/blob/5de7302bc773d9821ba4759e47fc981680911ea0/contracts/lib/OrderValidator.sol#L656

Vulnerability details

Impact

Uninitialized local storage variables can point to unexpected storage locations in the contract, which can lead to intentional or unintentional vulnerabilities.

Proof of Concept

Exploit Vulnerability

OrderStatus storage orderStatus;

Tools Used

{github}

Recommended Mitigation Steps

// If a storage variable is needed then initialise it upon declaration and additionally specify the storage location storage.
OrderStatus storage orderStatus = "value, array value, or path";
0age commented 1 year ago

contested, appears to be a duplicate

HickupHH3 commented 1 year ago

Used in the for-loop. Feels like warden simply ran the code against SWC issues and flagged without further investigation. 

// Retrieve the order status using the derived order hash.
orderStatus = _orderStatus[orderHash];

// Update the order status as not valid and cancelled.
orderStatus.isValidated = false;
orderStatus.isCancelled = true;
c4-judge commented 1 year ago

HickupHH3 marked the issue as unsatisfactory: Insufficient proof