tweag / cooked-validators

MIT License

Document the double satisfaction vulnerability in the auction contract #177

Closed carlhammann closed 1 year ago

carlhammann commented 1 year ago

This PR documents and exploits the double satisfaction vulnerability found by Facundo. It also removes the doubleSatAttack in the tests for the auction contract: It is possible, but not straightforward, to make it find this particular vulnerability, and an automatic doubleSatAttack that needs a lot of manual work to find a relatively simple vulnerability doesn't look too compelling.

carlhammann commented 1 year ago

For the record: As far as I understand it, the doubleSatAttack performs poorly on this example not because of some flaw in that function itself, but for more general design reasons in cooked-validators.