The '_executeNonAtomicOrders' function in SeaportProxy.sol may fail unexpectedly #54
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
M-01
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/proxies/SeaportProxy.sol#L224
Vulnerability details
Impact
The '_executeNonAtomicOrders' function in SeaportProxy.sol tries to send fee by batch, this may break the 'NonAtomic' feature.
Proof of Concept
Let's say user want to buy 3 NFTs with following order parameters
Given user only sends 600 USDT, the expected result should be
But as the fees are batched and sent at last, cause all 3 orders failed.
Tools Used
VS Code
Recommended Mitigation Steps
Don't batch up fees.
The text was updated successfully, but these errors were encountered: