Platform: Code4rena
Start Date: 30/10/2023
Pot Size: $49,250 USDC
Total HM: 14
Participants: 243
Period: 14 days
Judge: 0xsomeone
Id: 302
League: ETH
Rank: 118/243
Findings: 1
Award: $12.62
π Selected for report: 0
π Solo Findings: 0
π Selected for report: bird-flu
Also found by: 00decree, 0xAadi, AS, Audinarey, DeFiHackLabs, Eigenvectors, Fitro, Hama, Kaysoft, Krace, REKCAH, SovaSlava, The_Kakers, Viktor_Cortess, cartlex_, degensec, devival, evmboi32, funkornaut, jacopod, openwide, peanuts, rotcivegaf, smiling_heretic, xAriextz, xiao
12.6178 USDC - $12.62
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L113
(bool success, ) = payable(owner()).call{value: highestBid}("");
owner() is an invalid address, which will result in the user with the highest bid being unable to send the balance to the token owner.
Executing claimAuction is invalid. The user with the highest bid and the token owner both lose, resulting in locked funds.
Manual review
εζ°ζΉεδΈΊownerOfToken
(bool success, ) = payable(ownerOfToken).call{value: highestBid}("");
Invalid Validation
#0 - c4-pre-sort
2023-11-16T01:08:02Z
141345 marked the issue as duplicate of #245
#1 - c4-judge
2023-12-08T22:27:05Z
alex-ppg marked the issue as partial-50
#2 - c4-judge
2023-12-09T00:22:20Z
alex-ppg changed the severity to 2 (Med Risk)