When a user has set the approvals on the marketplace, an attacker could submit a transaction signed by the attacker for the (partial) sale of a hypercert fraction. The attacker would receive the funds, the order taker would receive the fraction and the fraction owner would lose a bit of the fraction.
To mitigate this, we added checks on the hypercert strategies where needed. Specifically, a check on ownership of the fraction by the signer of the message by calling the HyperMinter contract at time of order execution.
The vulnerability is specific to the split function call because there is not check there on the operator-msg.sender relations/approval as common in the transferFrom methods. This is an artifact from changing the original design where only the owner or somebody allowed by the owner would be able to split. The marketplace widens the attack vector because anybody can operate the marketplace, compared to a trusted operator you specifically set the approval for.
To validate the changes, tests have been added to each hypercert strategy and one on the protocol level for 721 as a sanity check.
This PR covers the bug discussed in #1317
When a user has set the approvals on the marketplace, an attacker could submit a transaction signed by the attacker for the (partial) sale of a hypercert fraction. The attacker would receive the funds, the order taker would receive the fraction and the fraction owner would lose a bit of the fraction.
To mitigate this, we added checks on the hypercert strategies where needed. Specifically, a check on ownership of the fraction by the signer of the message by calling the HyperMinter contract at time of order execution.
The vulnerability is specific to the split function call because there is not check there on the operator-msg.sender relations/approval as common in the transferFrom methods. This is an artifact from changing the original design where only the owner or somebody allowed by the owner would be able to split. The marketplace widens the attack vector because anybody can operate the marketplace, compared to a trusted operator you specifically set the approval for.
To validate the changes, tests have been added to each hypercert strategy and one on the protocol level for 721 as a sanity check.