Inconsistency on the status with `block.timestamp == auctionEndTime`
Summary
For bid/unbid block.timestamp == auctionEndTime is considered as not ended
For auctionEnd block.timestamp == auctionEndTime is considered as ended
An inconsistency issue was raised.
Vulnerability Details
-
bidandunbidFunctions:These functions allow actions to be performed if
block.timestamp <= auctionEndTime. This means that bids and unbids can still be made at the exact moment whenblock.timestamp == auctionEndTime.
-
auctionEndFunction:This function allows the auction to be ended if
block.timestamp >= auctionEndTime. This means that the auction can be ended at the exact moment whenblock.timestamp == auctionEndTime.
Impact
At the exact moment when block.timestamp == auctionEndTime, both bidding/unbidding and ending the auction are allowed.
Tools Used
Manual
Recommendations
Handling block.timestamp == auctionEndTimeas ended or not ended in the validations above.
Lead Judging Commences
If no bids are placed during the auction, the `auctionToken` will be permanently locked within the `AuctionFactory`
An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost Likelihood - Low - Super small chances of happening, but not impossible
Appeal created
If no bids are placed during the auction, the `auctionToken` will be permanently locked within the `AuctionFactory`
An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost Likelihood - Low - Super small chances of happening, but not impossible
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.