No check for overflow or underflow of the uint256 values, which could allow for malicious actors to perform token or ether theft.

[code423n4]

Lines of code

https://github.com/ProjectOpenSea/seaport/blob/5de7302bc773d9821ba4759e47fc981680911ea0/contracts/interfaces/AbridgedTokenInterfaces.sol#L4

Vulnerability details

Impact

A hacker contract is created that calls the "transferFrom" function in the ERC20Interface with a very large value for the "amount" parameter. Since the contract does not have proper overflow/underflow checks in place, it will process the transaction and transfer more tokens than it intended to, resulting in token or ether theft.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Recommended Mitigation Steps

[0age]

contested; external contracts are out of scope

[c4-judge]

HickupHH3 marked the issue as unsatisfactory: Insufficient quality