Platform: Code4rena
Start Date: 06/12/2022
Pot Size: $36,500 USDC
Total HM: 16
Participants: 119
Period: 3 days
Judge: berndartmueller
Total Solo HM: 2
Id: 189
League: ETH
Rank: 21/119
Findings: 1
Award: $171.27
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: ForkEth
Also found by: CRYP70, Ch_301, Chom, Lambda, adriro, csanuragjain, minhquanym
171.2749 USDC - $171.27
The buy function on the LPDA.sol contract is not validating if the auction is still running, allowing a purchase to be made after the stipulated time. The endtime variable used to store the end date of the auction is not used at any point to validate whether the purchase is being made within the deadline.
// SPDX-License-Identifier: MIT pragma solidity ^0.8.17; import "forge-std/Test.sol"; import {EscherTest} from "./utils/EscherTest.sol"; import {LPDAFactory, LPDA} from "src/minters/LPDAFactory.sol"; contract LPDABase is EscherTest { LPDAFactory public lpdaSales; LPDA.Sale public lpdaSale; function setUp() public virtual override { super.setUp(); lpdaSales = new LPDAFactory(); // set up a LPDA Sale lpdaSale = LPDA.Sale({ currentId: uint48(0), finalId: uint48(10), edition: address(edition), startPrice: uint80(uint256(1 ether)), finalPrice: uint80(uint256(0.1 ether)), dropPerSecond: uint80(uint256(0.1 ether) / 1 days), startTime: uint96(block.timestamp), saleReceiver: payable(address(69)), endTime: uint96(block.timestamp + 1 days) }); } } contract LPDATest is LPDABase { LPDA public sale; event End(LPDA.Sale _saleInfo); function test_Buy() public { sale = LPDA(lpdaSales.createLPDASale(lpdaSale)); // authorize the lpda sale to mint tokens edition.grantRole(edition.MINTER_ROLE(), address(sale)); vm.warp(block.timestamp + 3 days); sale.buy{value: 1 ether}(1); assertEq(address(sale).balance, 1 ether); } }
The code above shows that even after two days after the endTime it was still possible to make the purchase.
Our recommendation would be to introduce a require to validate the if the purchase is being made within the endTime.
require(block.timestamp > sale.endTime, "TOO LATE");
The above could must be placed at the beginning of the buy function.
#0 - c4-judge
2022-12-11T19:14:38Z
berndartmueller marked the issue as primary issue
#1 - c4-sponsor
2022-12-22T17:44:39Z
mehtaculous marked the issue as sponsor confirmed
#2 - mehtaculous
2022-12-22T17:45:12Z
Agree that this is Medium priority. We want to check that we are not past the endTime on the buy() function
#3 - c4-judge
2023-01-02T20:30:43Z
berndartmueller marked the issue as selected for report