DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Users can submit risk-free bids to inflate the price

Summary

Any bidder can withdraw their bid at any point before the auction ends, so bids carry no risk and can be used to artificially inflate the apparent auction price.

Vulnerability Details

Business Logic Issue

An auction should normally not let a user refund their bid while the auction is still running. If it does, a user can artificially inflate the price of the auction with a large bid and then withdraw it at the last second.

This can be observed in the unbid function:
https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L159

function unbid(uint256 amount) external {
    // Only the end of the auction blocks a withdrawal; there is no lock-up period.
    if (block.timestamp > auctionEndTime) {
        revert AuctionAlreadyEnded();
    }
    uint256 userBids = bids[msg.sender];
    if (userBids == 0) {
        revert NoBidsToWithdraw();
    }
    if (amount > userBids) {
        revert InvalidUnbidAmount();
    }
    // The caller's share and the auction-wide total are both reduced...
    bids[msg.sender] = bids[msg.sender].sub(amount);
    totalBids = totalBids.sub(amount);
    // ...and the full amount of points is returned to the caller.
    fjordPoints.transfer(msg.sender, amount);
    emit BidWithdrawn(msg.sender, amount);
}

As the function above shows, any user can unbid and remove their bid at any point before the auction ends. This allows a malicious user to bid extremely high at the start, which discourages others from bidding, and then unbid at the last second and leave only a small bid, securing a lower price for themselves.

Additionally, a malicious user can inflate the price of the auction by making the item up for auction seem more desirable than it is: they place multiple bids from separate accounts and then withdraw them at the last second, having committed nothing.

Impact

A malicious user may inflate or game the auction price at no cost, since every bid can be fully withdrawn until the auction ends.

Tools Used

Manual review

Recommendations

Do not allow users to withdraw a bid while the auction is live, so that totalBids only ever reflects points that are actually committed and cannot be inflated and then pulled back at the last second.
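To make the attack described above and the effect of the recommendation concrete, the following is an added example, not code from the submission or from the Fjord code base. It is a minimal Python model of the auction: the checks in unbid() mirror the Solidity excerpt, while the bid() function, the timing check in auction_end(), the pro-rata token distribution (multiplier = totalTokens / totalBids, scaled by PRECISION) and the "lock_bids" hardening flag are assumptions made purely for the illustration.

```python
# Added example (not part of the original submission or the Fjord code base):
# a minimal model of the bid/unbid/auctionEnd flow. unbid() mirrors the
# Solidity excerpt; bid(), the auction_end() timing check, the pro-rata
# distribution and the lock_bids hardening flag are assumptions.

PRECISION = 10**18


class AuctionAlreadyEnded(Exception):
    pass


class NoBidsToWithdraw(Exception):
    pass


class InvalidUnbidAmount(Exception):
    pass


class AuctionNotYetEnded(Exception):
    pass


class BidsAreLocked(Exception):
    """Raised by the hardened variant when a withdrawal is attempted."""


class Auction:
    def __init__(self, auction_end_time, total_tokens, lock_bids=False):
        self.auction_end_time = auction_end_time  # like auctionEndTime
        self.total_tokens = total_tokens          # tokens handed out at the end (assumed)
        self.lock_bids = lock_bids                # hardened: no withdrawals while live
        self.bids = {}                            # like bids[msg.sender]
        self.total_bids = 0                       # like totalBids
        self.multiplier = 0

    def bid(self, now, user, amount):
        # Assumed counterpart of unbid(): deposit points while the auction is live.
        if now > self.auction_end_time:
            raise AuctionAlreadyEnded
        self.bids[user] = self.bids.get(user, 0) + amount
        self.total_bids += amount

    def unbid(self, now, user, amount):
        # Same checks as the Solidity excerpt; returns the points sent back.
        if now > self.auction_end_time:
            raise AuctionAlreadyEnded
        if self.lock_bids:
            raise BidsAreLocked  # recommended behaviour: a bid is final once placed
        user_bids = self.bids.get(user, 0)
        if user_bids == 0:
            raise NoBidsToWithdraw
        if amount > user_bids:
            raise InvalidUnbidAmount
        self.bids[user] = user_bids - amount
        self.total_bids -= amount
        return amount

    def auction_end(self, now):
        # Assumed: tokens are split pro rata over the points still committed.
        if now < self.auction_end_time:
            raise AuctionNotYetEnded
        if self.total_bids > 0:
            self.multiplier = self.total_tokens * PRECISION // self.total_bids

    def claimable(self, user):
        return self.bids.get(user, 0) * self.multiplier // PRECISION


def run_scenario(lock_bids):
    """Attacker posts a huge early bid, the honest bidder is discouraged by the
    inflated total, and the attacker withdraws at the last second."""
    end = 100
    a = Auction(auction_end_time=end, total_tokens=10_000, lock_bids=lock_bids)
    a.bid(0, "attacker", 1_000_000)   # displayed totalBids is now 1,000,000
    a.bid(10, "honest", 1_000)        # honest user sees a hopeless total, bids small
    returned = 0
    try:
        returned = a.unbid(end - 1, "attacker", 999_000)  # last-second withdrawal
    except BidsAreLocked:
        pass  # hardened variant: the inflated bid stays committed
    a.auction_end(end)
    return {
        "points_returned": returned,
        "attacker_committed": a.bids["attacker"],
        "attacker_claim": a.claimable("attacker"),
        "honest_claim": a.claimable("honest"),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(lock_bids=False))
    print("hardened:  ", run_scenario(lock_bids=True))
```

In the vulnerable run the attacker gets 999,000 points back and still takes half of the tokens with only 1,000 points committed, exactly the same share as the honest bidder who saw a 1,000,000-point total and bid accordingly. With withdrawals locked, the attacker's 1,000,000 points stay committed, so the inflated bid is a real bid with a real cost.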

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
