NextGen - Zac's results

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L57

Vulnerability details

Impact

In the AuctionDemo a malicious bidder can prevent others from bidding by placing a very large bid at the start, then cancelling the bid at the deadline. Others users are not able to bid because they must place a higher bid than the current highest bid, which is now much higher than it should be.

This is done in the following steps:

1. User places bid at the very start(or near the start when the price is still much lower than expected)
2. User waits until the deadline and cancels their bid
3. In the same transaction as step 2 they can place a very low bid and win the auction.

It is worth noting that the attacker doesn't need to do step 3. This is important as it means that they can place a high bid that blocks the auction at any time even if they don't have the intention of winning the auction.

Proof of Concept

In this example we can assume the NFT is worth roughly 1 ETH

// attacker places a very high bid at the start of the auction
vm.startPrank(attacker);
auction.participateToAuction{value: 100 ether}(tokenIndex);

// advance to the end of the auction
vm.warp(block.timestamp + 1000);

// attacker cancels the bid
auction.cancelBid(tokenIndex, 0);

// attacker places smallest possible bid
auction.participateToAuction{value: 1}(tokenIndex);

Tools Used

Foundry

Recommended Mitigation Steps

One of the ways to mitigate this would be to allow people to bid even if they are not the highest bid. An alternative would be to not allow the cancelling of bids.

Assessed type

DoS

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L104 https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L124 https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L134

Vulnerability details

Impact

In the AuctionDemo contract the winner of the auction can claim their NFT and cancel their bid. This means that they can get the NFT for free.

This is done in the following steps, at the end of the auction(block.timestamp == minter.getAuctionEndTime(_tokenid)):

1. Attacker places a bid
2. Attacker calls claimAuction() to claim their NFT
3. Attacker calls cancelBid() or cancelAllBids() to cancel their bid

This attack does require the amount of ETH in the contract to be greater than or equal to the winning bid(before the attacker places the bid). This should easiely be possible with other auctions happening.

It also has the effect of there not being enough ETH left for the other auctions meaning that some of the bidders will not recieve their refund and the owner may not recieve the winning bid.

Proof of Concept

In this POC we assume there are other auctions happening and that the sum of their bids is greater than 1 ETH This ensures there is enough balance for the attacker to cancel their bid

// advance to the end of the auction(block.timestamp == minter.getAuctionEndTime(_tokenid))
vm.warp(block.timestamp + 1000);

// attacker places a bid
vm.startPrank(attacker);
auction.participateToAuction{value: 1 ether}(tokenIndex);

// attacker claims their nft
auction.claimAuction(tokenIndex);

// attacker cancels the bid
auction.cancelBid(tokenIndex, 0);

vm.stopPrank();

Tools Used

Foundry

Recommended Mitigation Steps

Update claimAuction() so that it can only be called after the end of the auction and not at the end.

This ensures that claimAuction() and cancelBid()/cancelAllBids() are not able to be called in the same transaction

-    require(block.timestamp >= minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);

+    require(block.timestamp > minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);

Assessed type

Timing

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L104 https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L57

Vulnerability details

Impact

The highest bidder can frontrun anyone that waits until the end of the auction to bid(block.timestamp == minter.getAuctionEndTime(_tokenid)).

The current highest bidder can frontrun any bids at the deadline with a call to claimAuction(). The bids will still succeed and the new highest bidder will not be able to refund and will not be able to claim their NFT.

Proof of Concept

In this example Alice is the highest bidder and Bob waits until the end to bid.

1. Alices places a bid

// Alice places a bid of 1 ether
vm.prank(alice);
auction.participateToAuction{value: 1 ether}(tokenIndex);

Advance to the end of the auction

2a. Bob places a bid at the deadline

// Bob places a bid of 2 ether
vm.prank(bob);
auction.participateToAuction{value: 2 ether}(tokenIndex);

2b. Alice frontruns bob with a call to claimAuction()

vm.prank(alice);
auction.claimAuction(tokenIndex);

Alice has recieved the NFT Bob has not recieved the NFT and has no way to refund/cancel his bid

Tools Used

Foundry

Recommended Mitigation Steps

It should not be possible to bid at the same time as calling claimAuction()

To solve this we can change claimAuction so that it can only be called after the end of the auction and not at the end.

-    require(block.timestamp >= minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);

+    require(block.timestamp > minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);

Assessed type

Timing