NextGen - kimchi's results

Advanced smart contracts for launching generative art projects on Ethereum.

General Information

Platform: Code4rena

Start Date: 30/10/2023

Pot Size: $49,250 USDC

Total HM: 14

Participants: 243

Period: 14 days

Judge: 0xsomeone

Id: 302

League: ETH

Researcher Performance

Rank: 231/243

Findings: 1

Award: $0.00

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: smiling_heretic

Also found by: 00decree, 00xSEV, 0x180db, 0x3b, 0x656c68616a, 0xAadi, 0xAleko, 0xAsen, 0xDetermination, 0xJuda, 0xMAKEOUTHILL, 0xMango, 0xMosh, 0xSwahili, 0x_6a70, 0xarno, 0xgrbr, 0xpiken, 0xsagetony, 3th, 8olidity, ABA, AerialRaider, Al-Qa-qa, Arabadzhiev, AvantGard, CaeraDenoir, ChrisTina, DanielArmstrong, DarkTower, DeFiHackLabs, Deft_TT, Delvir0, Draiakoo, Eigenvectors, Fulum, Greed, HChang26, Haipls, Hama, Inference, Jiamin, JohnnyTime, Jorgect, Juntao, Kaysoft, Kose, Kow, Krace, MaNcHaSsS, Madalad, MrPotatoMagic, Neon2835, NoamYakov, Norah, Oxsadeeq, PENGUN, REKCAH, Ruhum, Shubham, Silvermist, Soul22, SovaSlava, SpicyMeatball, Talfao, TermoHash, The_Kakers, Toshii, TuringConsulting, Udsen, VAD37, Vagner, Zac, Zach_166, ZdravkoHr, _eperezok, ak1, aldarion, alexfilippov314, alexxander, amaechieth, aslanbek, ast3ros, audityourcontracts, ayden, bdmcbri, bird-flu, blutorque, bronze_pickaxe, btk, c0pp3rscr3w3r, c3phas, cartlex_, cccz, ciphermarco, circlelooper, crunch, cryptothemex, cu5t0mpeo, darksnow, degensec, dethera, devival, dimulski, droptpackets, epistkr, evmboi32, fibonacci, gumgumzum, immeas, innertia, inzinko, jasonxiale, joesan, ke1caM, kimchi, lanrebayode77, lsaudit, mahyar, max10afternoon, merlin, mrudenko, nuthan2x, oakcobalt, openwide, orion, phoenixV110, pontifex, r0ck3tz, rotcivegaf, rvierdiiev, seeques, shenwilly, sl1, slvDev, t0x1c, tallo, tnquanghuy0512, tpiliposian, trachev, twcctop, vangrim, volodya, xAriextz, xeros, xuwinnie, y4y, yobiz, zhaojie

Awards

0 USDC - $0.00

Labels

bug
3 (High Risk)
partial-25
duplicate-1323

External Links

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L57-L61
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L65-L83
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L124-L130

Vulnerability details

Impact

The auction can be manipulated so that an attacker buys the token at a very low price while blocking other users from participating. An auction is supposed to encourage bidders to raise the price during a fixed period so that the seller obtains the highest possible amount. The current design of AuctionDemo, however, allows the process to be abused in a way that strongly favours participants with large amounts of capital: they can deter everyone else from bidding and ultimately buy the auctioned token for a minimal price.

Proof of Concept

  1. After the auction starts, the attacker places a very high bid (significantly exceeding the token's value) using the participateToAuction function.
  2. Other users do not bid, because every new bid must exceed the current highest one, as enforced by the check on line 58 of AuctionDemo.sol:
     require(msg.value > returnHighestBid(_tokenid) && block.timestamp <= minter.getAuctionEndTime(_tokenid) && minter.getAuctionStatus(_tokenid) == true);
  3. Just before the end of the auction, the attacker cancels the very high bid with cancelBid and immediately submits a new bid, this time with a very low value, winning the auction unfairly.

As a result, the amount obtained from the auction is far lower than it should be, and potential buyers lose the opportunity to take part in it.

Tools Used

Manual review

Recommended Mitigation Steps

Allow bid cancellations only during a specified window, which must be significantly shorter than the auction duration, so that a bid placed as a deterrent cannot be withdrawn at the last moment.
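The following is an added example, not code from the NextGen contract or from this report. It is a constructed Python model of the bidding rules the proof of concept relies on (a bid must exceed the current highest live bid and arrive before the end time, any live bid can be cancelled until the end time, the highest live bid wins), replays the three steps above, and then reruns them with the recommended mitigation, modelled here as a hypothetical `cancel_cutoff` timestamp after which cancelBid is refused. The `Auction` and `Bid` classes, the `run_scenario` function and all timestamps and amounts are assumptions made for the illustration.

```python
"""Constructed model of the AuctionDemo bidding rules quoted in the finding.

This is an added example, not the NextGen contract. It keeps only the
behaviours the attack depends on: a bid must exceed the current highest live
bid and arrive before the end time, any live bid can be cancelled until the
end time, and the highest live bid wins. `cancel_cutoff` is the hypothetical
mitigation (a cancellation window shorter than the auction itself).
"""
from dataclasses import dataclass, field
from typing import Optional

ETHER = 10**18


@dataclass
class Bid:
    bidder: str
    amount: int          # in wei
    status: bool = True  # False once cancelled; cancelled bids no longer count


@dataclass
class Auction:
    end_time: int                         # block.timestamp at which bidding closes
    cancel_cutoff: Optional[int] = None   # hypothetical: last timestamp at which a cancel is allowed
    bids: list = field(default_factory=list)

    def highest_bid(self) -> int:
        """Mirrors returnHighestBid: highest live bid, or 0 when there is none."""
        live = [b.amount for b in self.bids if b.status]
        return max(live) if live else 0

    def participate(self, bidder: str, amount: int, now: int) -> int:
        """Mirrors the quoted require() in participateToAuction (auction status assumed active)."""
        if not (amount > self.highest_bid() and now <= self.end_time):
            raise ValueError("bid rejected: must exceed highest bid and arrive before end")
        self.bids.append(Bid(bidder, amount))
        return len(self.bids) - 1

    def cancel(self, bidder: str, index: int, now: int) -> None:
        """Mirrors cancelBid: only the bidder may cancel, only while the auction is open."""
        if now > self.end_time:
            raise ValueError("auction ended")
        if self.cancel_cutoff is not None and now > self.cancel_cutoff:
            raise ValueError("cancellation window closed")  # the mitigation
        bid = self.bids[index]
        if bid.bidder != bidder or not bid.status:
            raise ValueError("not the caller's live bid")
        bid.status = False  # the bid no longer backs anything; modelled as a refund

    def winner(self) -> tuple:
        """Highest live bid at settlement; (None, 0) if every bid was cancelled."""
        live = [b for b in self.bids if b.status]
        if not live:
            return (None, 0)
        best = max(live, key=lambda b: b.amount)
        return (best.bidder, best.amount)


def run_scenario(cancel_cutoff: Optional[int] = None) -> dict:
    """Replays the finding's three steps against a constructed 1000-second auction."""
    auction = Auction(end_time=1000, cancel_cutoff=cancel_cutoff)

    # Step 1: right after the start, the attacker posts a bid far above the token's worth.
    idx = auction.participate("attacker", 500 * ETHER, now=1)

    # Step 2: an honest bidder willing to pay 2 ETH is rejected by the "> highest bid" check.
    honest_rejected = False
    try:
        auction.participate("honest", 2 * ETHER, now=500)
    except ValueError:
        honest_rejected = True

    # Step 3: one second before the end, cancel the deterrent bid and re-bid 1 wei.
    cancelled = True
    try:
        auction.cancel("attacker", idx, now=999)
        auction.participate("attacker", 1, now=999)
    except ValueError:
        cancelled = False  # mitigation in place: the attacker stays bound to the 500 ETH bid

    winner, price = auction.winner()
    return {
        "honest_rejected": honest_rejected,
        "attacker_cancelled": cancelled,
        "winner": winner,
        "price_wei": price,
    }


if __name__ == "__main__":
    print("unmitigated:", run_scenario())
    print("cancel cutoff at t=100:", run_scenario(cancel_cutoff=100))
```

Without the cutoff the attacker wins for 1 wei after having locked everyone else out for the whole period; with a cutoff early in the auction the cancel is refused and the 500 ETH bid becomes a binding commitment, which is what removes the incentive to post a deterrent bid. In the unmitigated case there is in principle a moment between the cancellation and the low re-bid in which another bidder could still bid, but because the attacker sends both calls back-to-back at the very end of the auction, nobody else realistically gets that chance.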

Assessed type

Other

#0 - c4-pre-sort

2023-11-15T05:21:26Z

141345 marked the issue as duplicate of #1952

#1 - c4-judge

2023-11-29T18:42:29Z

alex-ppg marked the issue as not a duplicate

#2 - c4-judge

2023-11-29T18:42:36Z

alex-ppg marked the issue as primary issue

#3 - c4-judge

2023-11-30T16:01:11Z

alex-ppg marked the issue as duplicate of #1254

#4 - c4-judge

2023-12-06T23:24:18Z

alex-ppg marked the issue as not a duplicate

#5 - c4-judge

2023-12-06T23:24:31Z

alex-ppg marked the issue as duplicate of #1513

#6 - c4-judge

2023-12-07T11:51:07Z

alex-ppg marked the issue as duplicate of #1323

#7 - c4-judge

2023-12-08T17:15:48Z

alex-ppg marked the issue as partial-25

#8 - c4-judge

2023-12-08T17:27:50Z

alex-ppg marked the issue as satisfactory

#9 - c4-judge

2023-12-08T17:47:46Z

alex-ppg marked the issue as partial-25
