code-423n4 / 2023-01-opensea-findings


The _verifyTime function only reverts if revertOnInvalid is true and the order is not active. #73

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/ProjectOpenSea/seaport/blob/5de7302bc773d9821ba4759e47fc981680911ea0/contracts/lib/Verifiers.sol#L39

Vulnerability details

Impact

The _verifyTime function only reverts if revertOnInvalid is true and the order is not active. This means that if revertOnInvalid is not passed or is false, the function will not revert even if the order is not active. It could have a significant impact on the functionality of the smart contract. This could allow users to execute actions on the smart contract even if the order is not valid, leading to unintended behavior. For example, if the smart contract is being used to facilitate trades of some asset, an attacker could use this vulnerability to execute trades even when the order is not active, potentially allowing them to buy or sell assets at an unfair price.

Proof of Concept

1. Deploy the Verifiers contract to a test blockchain.
2. Create an order that has a start time in the future and an end time in the past.
3. Try to execute an action on the smart contract that should only be allowed when the order is active, such as buying or selling an asset.

By following the above steps, it is observed that the action is executed even though the order is not active.

Tools Used


Recommended Mitigation Steps

There must be a require statement added in the _verifyTime function to check if the order is active before executing any actions that depend on the order being active.

0age commented 1 year ago

contested; the "skip" mechanic on inactive orders is so you can call fulfillAvailableOrders and not have an order that's already fulfilled bring down the whole batch like a revert would. Skipped orders aren't executed.
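The skip-versus-revert behaviour discussed in this thread, as an added example that is not part of the issue, the comments, or Seaport's code. It is a simplified model: the `Order` struct, the `fulfillSingle` and `fulfillBatch` names, and the `startTime <= now < endTime` rule are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model for illustration; not Seaport's Verifiers.sol.
contract TimeCheckModel {
    struct Order { uint256 startTime; uint256 endTime; } // hypothetical minimal order

    error InvalidTime(uint256 startTime, uint256 endTime);
    event OrderExecuted(uint256 index);

    // Assumed rule: active when startTime <= now < endTime.
    // Reverts only if the caller asked for it; otherwise the result is
    // reported through the return value and the caller must act on it.
    function _verifyTime(uint256 startTime, uint256 endTime, bool revertOnInvalid)
        internal view returns (bool valid)
    {
        valid = startTime <= block.timestamp && block.timestamp < endTime;
        if (revertOnInvalid && !valid) revert InvalidTime(startTime, endTime);
    }

    // Single-order path (hypothetical): an inactive order reverts the call.
    function fulfillSingle(Order calldata order) external {
        _verifyTime(order.startTime, order.endTime, true);
        emit OrderExecuted(0);
    }

    // Batch path (hypothetical): an inactive order is skipped, so one stale
    // entry cannot revert the rest. fulfilled[i] stays false for skipped orders.
    function fulfillBatch(Order[] calldata orders)
        external returns (bool[] memory fulfilled)
    {
        fulfilled = new bool[](orders.length);
        for (uint256 i = 0; i < orders.length; ++i) {
            Order calldata o = orders[i];
            // Safety depends on this branch: false must never reach execution.
            if (!_verifyTime(o.startTime, o.endTime, false)) continue;
            emit OrderExecuted(i);
            fulfilled[i] = true;
        }
    }
}
```

Calling `fulfillBatch` with an active order followed by an expired one returns `[true, false]` and emits one `OrderExecuted` event, while `fulfillSingle` with the expired order reverts with `InvalidTime`.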

HickupHH3 commented 1 year ago

Invalid because intended functionality.

c4-judge commented 1 year ago

HickupHH3 marked the issue as unsatisfactory: Invalid