Platform: Code4rena
Start Date: 04/11/2022
Pot Size: $42,500 USDC
Total HM: 9
Participants: 88
Period: 4 days
Judge: 0xean
Total Solo HM: 2
Id: 180
League: ETH
Rank: 84/88
Findings: 1
Award: $5.60
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Trust
Also found by: 0x1f8b, 0xdapper, HE1M, KIntern_NA, Lambda, Picodes, RaymondFam, RedOneN, TomJ, V_B, __141345__, c7e7eff, chaduke, codexploder, corerouter, cryptonue, fs0c, gz627, hihen, joestakey, ktg, ladboy233, minhtrng, rvierdiiev, simon135, skyle, slowmoses, wagmi, yixxas
5.604 USDC - $5.60
https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L157-L159
A Bidder can DOS an Auction from receiving further bids by depositing and withdrawing same bid 1000 times using cancelBid function. This attack is feasible when Auction duration is long (meaning large number of bid expected) and a.params.minimumBidQuote is low
minimumBidQuote=1 USDCa. Bids on Auction A with minimumBidQuote
b. Cancel this bid using cancelBid
Repeat step 1 & 2 thousand time. At the end a.bids.length becomes 1000 and would stop receiving further bids
This is incorrect as same user made all 1000 entries and also deleted them
Manual
Once bidder is removed then remove the bidder from the bid list i.e. a.bids[bidIndex]
#0 - c4-judge
2022-11-09T15:40:00Z
0xean marked the issue as duplicate
#1 - c4-judge
2022-12-06T00:22:58Z
0xean marked the issue as satisfactory