NextGen - Norah's results

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/MinterContract.sol#L276 https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L57-L61 https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L134-L143 https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L104-L120

Vulnerability details

description

NextGen Protocol implements a phase where the creator can call mintAndAuction() for certain NFTs in collection for a fixed duration of time, during which users can bid the price they are willing to pay for the NFT, and the highest bidder at the end of the auction gets the NFT.

Every bidder has to pay the ETH amount they are willing to bid, and it has to be higher than the previous bid. In the end, the winner gets the NTF, and the rest of the bids are returned to the respective bidders.

vulnerability

Alll the bids are stored in an array of struct auctionInfoData[_tokenid], Each time a new bid is made, a struct containing the address of the bidder and their bid is pushed into the array.

Any user can make multiple bids in auction and are also allowed to cancel their bids before the auctions ends.

exploit

A malicious user can simply back-run the mintAndAuction() and place two bids:

• First bid with 1 wei (it will be allowed as he is the first bidder)
• Second bid of very high value (say two times or the three times the actual market value of NFT).

Then this malicious user simply waits till the auction is about to end.

Meanwhile other interested buyers won't make a bid seeing the absurd bid by our malicious user, and even if they tried to make one with a fair value (say of half or one third of our malicious user's second bid), it will be rejected as it wont be higher than the previous bid.

When the auction is just about to end, the malicious user will call cancelBid() for their second bid, cancelling it and getting his high value bid amount back.

As a result, there will be only one bid when the auction ends: that of 1 wei by attacker, allowing him to claim the NFT for just 1 wei.

Now, there is a possibility that the malicious user may get back-run or that the transaction does not go through before auction ends, but for precious NFT, he has a very good incentive to pay the Validators/Miners and brick the auction.

impact

• Malicious users can claim NFT for 1 wei by blocking other bidders during the mintAndAuction() phase.
• Attacker will have to lock their capital for the duration of the auction, but that won't be an issue when the rare (worthy) NFTs are involved.
• Submitting this is high because, while there is risk involved on the attacker's end in case the cancelBid() transaction does not go through but MEV attacks are still very prevalent.

proof of concept

tools used

manual review

recommended mitigation steps

• I think the feature of canceling bids introduced more security concerns than the convenience it provides, as those who are not interested in auctions anymore will get their bid back anyway, once the auction ends.
• Therefore, I would recommend removing the cancelBid() functionality altogether.

Assessed type

MEV