DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

No validation for _biddingTime in FjordAuction contract

Summary

An auction can be created with a very short bidding time, breaking users' ability to bid for tokens.

Vulnerability Details

In FjordAuction.sol, there is no validation for _biddingTime, which can make auctionEndTime almost equal to the current time (block.timestamp). If this happens, users can't bid or unbid because of the short amount of time. The creator is also affected, as they have to deploy a new auction, which wastes the gas fee.

// The validation that makes bid and unbid revert when the current time passes auctionEndTime
if (block.timestamp > auctionEndTime) {
    revert AuctionAlreadyEnded();
}

Impact

Inconvenience for users, as well as wasted time and money for the auction creator.

Tools Used

Manual Analysis

Recommendations

Consider adding a minimum duration for _biddingTime in the constructor, for example >= 30 minutes.

+ error InvalidBiddingTime();
...
// 30 minutes = 1800 seconds
+ if (_biddingTime < 1800) {
+ revert InvalidBiddingTime();
+ }
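
Review bot: the bound in `if (_biddingTime < 1800)` is a bare literal whose meaning lives only in the comment above it. Solidity's time units allow `_biddingTime < 30 minutes`, or the value can go in a named constant (for example a hypothetical `MIN_BIDDING_TIME`), so the threshold and its documentation cannot drift apart. The `...` also hides where the check sits: it should run in the constructor before the end time is set from `_biddingTime`, so a too-short value reverts the deployment rather than producing an auction that has effectively already ended.
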
Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
