Platform: Code4rena
Start Date: 30/10/2023
Pot Size: $49,250 USDC
Total HM: 14
Participants: 243
Period: 14 days
Judge: 0xsomeone
Id: 302
League: ETH
Rank: 170/243
Findings: 1
Award: $0.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: The_Kakers
Also found by: 00decree, 00xSEV, 0x180db, 0x3b, 0xJuda, 0x_6a70, 0xarno, 0xpiken, Arabadzhiev, Bauchibred, BugsFinder0x, BugzyVonBuggernaut, ChrisTina, DeFiHackLabs, Delvir0, HChang26, Haipls, Jiamin, Juntao, KupiaSec, Madalad, Neon2835, Nyx, Ocean_Sky, SpicyMeatball, Talfao, Taylor_Webb, Timenov, Tricko, ZdravkoHr, _eperezok, alexxander, amaechieth, bdmcbri, bronze_pickaxe, circlelooper, crunch, cu5t0mpeo, dimulski, fibonacci, funkornaut, immeas, ke1caM, lsaudit, nuthan2x, r0ck3tz, rotcivegaf, spark, tnquanghuy0512, twcctop, xeros
0.4703 USDC - $0.47
Let's imagine the following scenario. Alice enters the auction with 1 ether. After that Bob enters as well with 2 ether. Eve (a malicious user) decides to DoS the auction. To do that she creates a smart contract that does not implement the IERC721Receiver interface and has no onERC721Received() function, so the contract will not be able to receive any NFTs, and places the winning bid from it. Admin calls claimAuction(), but the function reverts because it can't send the NFT to Eve's contract. Therefore the other users (Alice and Bob) will not get their money back.
This is a well-known DoS pattern: a single recipient that cannot accept the transfer blocks the refunds of every other bidder.
Manual Review
Refactor the claimAuction() function so that it only changes the state of the current auction for the given tokenId. Once the auction is in the finalized state, allow the winner to collect the NFT through claimNFT(), guarded by the WinnerOrAdminRequired modifier. That way a winner whose contract cannot receive the NFT only breaks their own claimNFT() call, not the refunds of the other bidders.
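As an added illustration that is not the audited project's code, the push-style claimAuction() that the finding describes is shown next to the pull-style split it recommends. Only the names claimAuction(), claimNFT() and WinnerOrAdminRequired come from the finding; the contract name, storage layout, admin handling and modifier signature are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC721/IERC721.sol";

// Illustrative auction skeleton (assumed layout, not the audited project's code).
contract PullPatternAuction {
    struct Bid { address bidder; uint256 amount; }

    IERC721 public immutable nft;
    address public immutable admin;
    mapping(uint256 => Bid[]) public bids;        // tokenId => all bids placed
    mapping(uint256 => bool) public finalized;    // tokenId => auction closed
    mapping(uint256 => address) public winnerOf;  // tokenId => highest bidder

    modifier WinnerOrAdminRequired(uint256 tokenId) {
        require(msg.sender == winnerOf[tokenId] || msg.sender == admin, "not winner/admin");
        _;
    }

    constructor(IERC721 _nft) { nft = _nft; admin = msg.sender; }

    // VULNERABLE shape: one transaction pushes the NFT to the winner AND refunds the
    // losers. If the winner is a contract without onERC721Received(), safeTransferFrom
    // reverts, the whole call reverts, and no loser ever gets their ether back.
    function claimAuctionVulnerable(uint256 tokenId) external {
        require(msg.sender == admin, "admin only");
        Bid[] storage b = bids[tokenId];
        uint256 top;
        for (uint256 i = 1; i < b.length; i++) if (b[i].amount > b[top].amount) top = i;
        nft.safeTransferFrom(address(this), b[top].bidder, tokenId); // reverts for Eve
        for (uint256 i = 0; i < b.length; i++) {
            if (i == top) continue;
            (bool ok, ) = payable(b[i].bidder).call{value: b[i].amount}("");
            require(ok, "refund failed");
        }
    }

    // HARDENED shape: claimAuction() only records the outcome; nothing is transferred.
    function claimAuction(uint256 tokenId) external {
        require(msg.sender == admin && !finalized[tokenId] && bids[tokenId].length > 0, "bad state");
        Bid[] storage b = bids[tokenId];
        uint256 top;
        for (uint256 i = 1; i < b.length; i++) if (b[i].amount > b[top].amount) top = i;
        winnerOf[tokenId] = b[top].bidder;
        finalized[tokenId] = true; // losers withdraw refunds individually (not shown)
    }

    // The winner (or admin) pulls the NFT; a revert here affects only this caller.
    function claimNFT(uint256 tokenId) external WinnerOrAdminRequired(tokenId) {
        require(finalized[tokenId], "not finalized");
        nft.safeTransferFrom(address(this), winnerOf[tokenId], tokenId);
    }
}
```

In the hardened version Eve's non-receiving contract can still make claimNFT() revert, but only for her own tokenId and without blocking anyone else's refund.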
DoS
#0 - c4-pre-sort
2023-11-15T10:41:53Z
141345 marked the issue as duplicate of #843
#1 - c4-pre-sort
2023-11-16T13:35:14Z
141345 marked the issue as duplicate of #486
#2 - c4-judge
2023-12-05T22:19:22Z
alex-ppg marked the issue as not a duplicate
#3 - c4-judge
2023-12-05T22:19:40Z
alex-ppg marked the issue as duplicate of #739
#4 - c4-judge
2023-12-08T22:22:01Z
alex-ppg marked the issue as partial-50