DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Possibility to place an unlimited bid with a zero amount.

Summary

There is a possibility for an unlimited number of zero-value bids in the contract. To avoid potential errors, input validation should be applied to all data received from the client.

Vulnerability Details

There is a possibility for an unlimited number of zero-value bids in the contract. To avoid potential errors, input validation should be applied to all data received from the client.

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L143

Impact

Although zero-value bids do not directly affect the contract's balance, they can increase the number of operations performed on the contract, leading to wasted computational resources and higher transaction costs for other users. This can also impact the overall efficiency of the contract.

POC

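function testUnlimitedZeroBid() public {
    address bidder = address(0x2);
    vm.startPrank(bidder);
    // Place 1,000,000 zero-amount bids from the same address.
    uint256 i = 0;
    while (i < 1000000) {
        auction.bid(0);
        i++;
    }
    // End the auction after the zero-amount bids.
    auction.auctionEnd();
    vm.stopPrank();
}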

Tools Used

Manual Review, Foundry

Recommendations

To mitigate these risks, appropriate validations should be implemented in the bid() function to reject zero-value bids and ensure that only valid bids are considered in further calculations and contract operations. User-supplied input should always be validated.
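
One way to apply the recommended check, shown as an added example on a hypothetical minimal auction; this is not code from the submission or from FjordAuction. The contract name `GuardedAuction`, the `IERC20Min` interface, the custom errors, the `BidAdded` event and the storage layout are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration: a hypothetical minimal auction, not FjordAuction's code.
interface IERC20Min {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract GuardedAuction {
    error ZeroBid();
    error AuctionAlreadyEnded();
    error TransferFailed();

    event BidAdded(address indexed bidder, uint256 amount);

    IERC20Min public immutable bidToken;      // token bidders pay with (assumed)
    uint256 public immutable auctionEndTime;  // fixed at deployment
    uint256 public totalBids;
    mapping(address => uint256) public bids;

    constructor(IERC20Min token, uint256 duration) {
        bidToken = token;
        auctionEndTime = block.timestamp + duration;
    }

    function bid(uint256 amount) external {
        // Checks: a zero amount would leave balances and totals unchanged,
        // yet still consume gas and emit an event that indexers must process.
        if (amount == 0) revert ZeroBid();
        if (block.timestamp > auctionEndTime) revert AuctionAlreadyEnded();

        // Effects: update accounting before the external call.
        bids[msg.sender] += amount;
        totalBids += amount;

        // Interaction: pull the tokens and treat a false return as failure.
        if (!bidToken.transferFrom(msg.sender, address(this), amount)) {
            revert TransferFailed();
        }

        emit BidAdded(msg.sender, amount);
    }
}
```

With this guard in place, a Foundry test can call `vm.expectRevert(GuardedAuction.ZeroBid.selector)` before `auction.bid(0)` to confirm that zero-amount bids are rejected.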

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
