Platform: Code4rena
Start Date: 04/11/2022
Pot Size: $42,500 USDC
Total HM: 9
Participants: 88
Period: 4 days
Judge: 0xean
Total Solo HM: 2
Id: 180
League: ETH
Rank: 86/88
Findings: 1
Award: $5.60
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Trust
Also found by: 0x1f8b, 0xdapper, HE1M, KIntern_NA, Lambda, Picodes, RaymondFam, RedOneN, TomJ, V_B, __141345__, c7e7eff, chaduke, codexploder, corerouter, cryptonue, fs0c, gz627, hihen, joestakey, ktg, ladboy233, minhtrng, rvierdiiev, simon135, skyle, slowmoses, wagmi, yixxas
5.604 USDC - $5.60
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L415-L440
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L156-L159
There is a limit to the number of bids per auction. An attacker can place and cancel bids recursively to fill up the bids array, preventing the seller from getting any valid bids and forcing them to redo the auction all over again. This can also be used to prevent users from participating in an auction, essentially creating a DoS attack.
Pseudo code:
contract Grief {
    function grief() {
        quoteToken.approve(sizeSealed, type(uint).max);
        for (uint i = 0; i < 1000; i++) {
            uint bidId = sizeSealed.bid(...);
            sizeSealed.cancelBid(auctionId, bidId);
        }
    }
}
Delete cancelled bids from the bids array.
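One way to implement the recommended mitigation, as an added example that is not code from SizeSealed or from the original submission: a hypothetical `CappedBidBook` contract that removes a cancelled bid with swap-and-pop so the slot counts against the cap only while the bid is live. The contract name, the `slotOf` mapping, the error names and the cap value of 1000 (taken from the loop bound in the pseudo code) are assumptions, and token escrow and refunds are left out so that only the slot accounting is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical bid book illustrating the mitigation; not the SizeSealed code.
contract CappedBidBook {
    uint256 public constant MAX_BIDS = 1000; // assumed cap on live bids

    struct Bid { uint256 id; address bidder; uint128 quoteAmount; }

    Bid[] private bids;                         // holds live bids only
    mapping(uint256 => uint256) private slotOf; // bidId => array index + 1 (0 = not live)
    uint256 private nextId = 1;

    error BidBookFull();
    error NotLiveBid();
    error NotBidder();

    function bid(uint128 quoteAmount) external returns (uint256 bidId) {
        if (bids.length >= MAX_BIDS) revert BidBookFull();
        bidId = nextId++;
        bids.push(Bid(bidId, msg.sender, quoteAmount));
        slotOf[bidId] = bids.length; // index + 1, so 0 can mean "not live"
    }

    function cancelBid(uint256 bidId) external {
        uint256 slot = slotOf[bidId];
        if (slot == 0) revert NotLiveBid();
        uint256 index = slot - 1;
        if (bids[index].bidder != msg.sender) revert NotBidder();

        uint256 last = bids.length - 1;
        if (index != last) {
            // Move the last live bid into the freed slot and re-point its id.
            bids[index] = bids[last];
            slotOf[bids[index].id] = slot;
        }
        bids.pop();           // the cancelled bid no longer occupies a slot
        delete slotOf[bidId]; // a second cancel of the same id reverts
    }

    function liveBids() external view returns (uint256) { return bids.length; }
}
```

Bid ids stay valid after other bids are cancelled because lookups go through `slotOf` rather than the raw array index, which swap-and-pop would otherwise invalidate.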
#0 - c4-judge
2022-11-09T17:50:11Z
0xean marked the issue as duplicate
#1 - c4-judge
2022-12-06T00:25:48Z
0xean marked the issue as satisfactory