Bid Amount Overwritten on Multiple Bids
Description:
Location in Code: The
bidfunction.When a bidder places multiple bids, their previous bid amount is overwritten in the
bid_valuesmapping.Bidders can only withdraw their last bid amount, losing previous bids if they are not the highest bidder.
Impact:
Bidders lose funds from previous bids if they do not win.
Discourages participation, affecting the competitiveness of the auction.
Proof of Code:
Recommendation:
Accumulate total bid amounts for each bidder to ensure they can withdraw the full amount if they lose.
Modify the
bidfunction to sum the bids.
Corrected Code:
Lead Judging Commences
Wrong bid amount in `bid` function
In the `bid` function the bid values are stored using `self.bid_values.entry(sender).write(amount)` directly, but this overwrites any previous bids made by the same bidder. Therefore if a participant makes 2 or more bids, the participant can then withdraw only the last value of the last bid. That is incorrect, the protocol should save all bids and a participant should withdraw the value of the all unsuccessful bids.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.