See below
In the FjordAuction contract, a potential Denial of Service (DoS) issue arises from the auction's handling of bids. Specifically, a user could place a very small bid relative to the total auction tokens available, which may lead to a disproportionately large multiplier value. This occurs because the multiplier is calculated as follows:
If a single bid is placed with a very small amount (e.g., 1 FjordPoint) and becomes the only bid, totalBids would be very small compared to totalTokens. This results in a large multiplier value:
This large multiplier could lead to excessive gas consumption or potential arithmetic overflows when users claim their auction tokens.
A single small bid could dominate the auction by allowing the bidder to claim a disproportionately large amount of auctionToken relative to their bid, leading to unfair distribution and potential gas-related issues or overflow errors during token claims.
Manual
Implement a minimum bid amount to ensure that bids are above a certain threshold, preventing the scenario where a very small bid leads to an excessively large multiplier.