Issues Found
| Severity | Tag | Count |
|---|---|---|
| Critical | (C-1) | |
| High | (H-1) | |
| Medium | (M-1) | |
| Low | (L-1) | |
| Code Quality | (Q-1) | 5 |
| Gas Optimization | (G-1) | |
| Informational | (I-1) |
| Topic | Protocol Design | |
|---|---|---|
| Impact | Medium |
Reference: SeaportEIP1271.sol#L21
The isValidSignature functions only works with signatures consisting of 65 bytes. However, another form of signatures exists - the so called “compact” signatures - that only consist of 64 bytes (see ERC-2098).
As a result, the isValidSignature functions reverts for both Seaport bulk orders as well as standard signatures when a message has been signed using the compact signature scheme.
Remediations to Consider
Adapt the logic to support compact signatures.
| Topic | Interoperability | |
|---|---|---|
| Impact | High |
Reference: SeaportOrderParser.sol#L74C15-L74C42
The current validation logic for bulk orders is only compatible with Seaport version 1.5. This is due to the domain separator being built from the version hash derived from the string "1.5":
// Derive hash of the version string of the contract.
versionHash = keccak256(bytes("1.5"));
Therefore, the current implementation does not support earlier versions or future versions. Although Seaport v1.5 is the latest deployed version, v1.6 was recently released. It is foreseeable that protocols will use version 1.6 or newer versions in the future.