DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Premature Auction Termination via Unrestricted `auctionEnd()` Function

Summary

see below

Vulnerability Details

In the FjordAuction contract, the auctionEnd() function is responsible for terminating the auction once the specified auction end time (auctionEndTime) has been reached. This function sets the ended flag to true, indicating that the auction has concluded, and it prevents any further bids from being placed. The relevant part of the code is as follows:

```solidity
function auctionEnd() external {
    if (block.timestamp < auctionEndTime) {
        revert AuctionNotYetEnded();
    }
    if (ended) {
        revert AuctionEndAlreadyCalled();
    }
    ended = true;
    emit AuctionEnded(totalBids, totalTokens);
    if (totalBids == 0) {
        auctionToken.transfer(owner, totalTokens);
        return;
    }
    multiplier = totalTokens.mul(PRECISION_18).div(totalBids);
    // Burn the FjordPoints held by the contract
    uint256 pointsToBurn = fjordPoints.balanceOf(address(this));
    fjordPoints.burn(pointsToBurn);
}
```

However, there is no restriction on who can call the auctionEnd() function: any user, including a malicious one, can call it as soon as the current timestamp passes auctionEndTime. This presents a critical issue because an attacker can deliberately end the auction prematurely, before legitimate users have had the opportunity to place their bids.

Once the auctionEnd() function is called and the auction is marked as ended, any subsequent calls to the bid() function will fail, reverting with the AuctionAlreadyEnded() error:

```solidity
function bid(uint256 amount) external {
    if (block.timestamp > auctionEndTime) {
        revert AuctionAlreadyEnded();
    }
    bids[msg.sender] = bids[msg.sender].add(amount);
    totalBids = totalBids.add(amount);
    fjordPoints.transferFrom(msg.sender, address(this), amount);
    emit BidAdded(msg.sender, amount);
}
```

As a result, the auction can end with little or no participation, and legitimate users are denied the chance to place their bids.

Impact

If an attacker calls the auctionEnd() function prematurely, they can effectively terminate the auction before any legitimate bids have been placed, causing the auction to conclude with no participation. This will prevent users from bidding and disrupt the auction process, leading to potential financial losses for both bidders and the auction organizer.

Tools Used

Manual

Recommendations

The auctionEnd() function should be restricted so that only the auction owner can call it, or alternatively, a time buffer could be introduced that ensures a minimum participation period before the auction can be ended.
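One way to express both recommended restrictions in Solidity, as an added illustration that is not the project's own code. Only `owner`, `auctionEndTime`, `ended`, `AuctionNotYetEnded` and `AuctionEndAlreadyCalled` come from the report; `MIN_AUCTION_DURATION`, `Unauthorized`, `AuctionTooShort` and `_settle` are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch of the two options from the recommendation:
/// (1) owner-only settlement and (2) a minimum participation window.
abstract contract RestrictedAuctionEnd {
    error AuctionNotYetEnded();
    error AuctionEndAlreadyCalled();
    error Unauthorized();      // assumed name
    error AuctionTooShort();   // assumed name

    // Option 2: minimum bidding window, enforced when the auction is configured.
    uint256 public constant MIN_AUCTION_DURATION = 1 days; // assumed value

    address public immutable owner;
    uint256 public immutable auctionEndTime;
    bool public ended;

    constructor(address _owner, uint256 _auctionEndTime) {
        // Reject end times that leave bidders less than the minimum window,
        // so the auction cannot be closed shortly after it opens.
        if (_auctionEndTime < block.timestamp + MIN_AUCTION_DURATION) {
            revert AuctionTooShort();
        }
        owner = _owner;
        auctionEndTime = _auctionEndTime;
    }

    // Option 1: only the owner may settle the auction.
    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    function auctionEnd() external onlyOwner {
        if (block.timestamp < auctionEndTime) revert AuctionNotYetEnded();
        if (ended) revert AuctionEndAlreadyCalled();
        ended = true;
        _settle(); // multiplier computation and point burning from the original go here
    }

    // Settlement logic is left to the concrete contract (assumed hook).
    function _settle() internal virtual;
}
```

An owner-only settlement path depends on the owner actually calling it; a permissionless fallback after a grace period is a common way to avoid stranding bidders' points if the owner never does.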

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 10 months ago

Submission Judgement Published

inallhonesty (Lead Judge), 9 months ago

Invalidated
Reason: Incorrect statement
