Starknet Auction

First Flight #26
Beginner Friendly, NFT
100 EXP
Submission Details
Severity: medium
Valid

Inadequate Handling of No Bids Scenario

Description:

  • Location in Code: The end function.

  • If no bids are placed above the starting price, the assertion assert(self.starting_price.read() < self.highest_bid.read(), 'No bids'); prevents the auction from ending.

  • The NFT remains locked in the contract indefinitely.

Impact:

  • The NFT owner loses access to their NFT.

  • Funds and assets become irretrievable, causing financial loss.

Proof of Code:

fn end(ref self: ContractState) {
    // ...
    assert(self.starting_price.read() < self.highest_bid.read(), 'No bids');
    // ...
}

Recommendation:

  • Modify the end function to handle cases with no bids.

  • Return the NFT to the owner if no valid bids were made.

Corrected Code:

fn end(ref self: ContractState) {
    // ...
    if self.starting_price.read() >= self.highest_bid.read() {
        // No bids received, return NFT to owner
        erc721_dispatcher.safe_transfer_from(sender, self.nft_owner.read(), self.nft_id.read().into());
    } else {
        // Transfer NFT to highest bidder
        erc721_dispatcher.safe_transfer_from(sender, self.highest_bidder.read(), self.nft_id.read().into());
    }
    // ...
}
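
The lock and the fix described above, modelled off-chain in Python as an added example (not the contract's or the submitter's code). The bid rule, the initial highest_bid of 0 and the address labels are assumptions made for the model.

```python
from dataclasses import dataclass

CONTRACT, OWNER, BIDDER = "contract", "owner", "bidder"  # constructed address labels


class Revert(Exception):
    """Stands in for a failed Cairo assert: the call reverts and state is unchanged."""


@dataclass
class Auction:
    starting_price: int
    highest_bid: int = 0          # assumption: no bid recorded yet
    highest_bidder: str = ""
    nft_holder: str = CONTRACT    # the NFT is escrowed in the contract during the auction

    def bid(self, bidder: str, amount: int) -> None:
        # Assumed bid rule: beat both the starting price and the current highest bid.
        if amount <= max(self.starting_price, self.highest_bid):
            raise Revert("bid too low")
        self.highest_bid, self.highest_bidder = amount, bidder

    def end_original(self) -> None:
        # The assert quoted in the finding: reverts whenever no bid beat the start price.
        if not self.starting_price < self.highest_bid:
            raise Revert("No bids")
        self.nft_holder = self.highest_bidder

    def end_fixed(self) -> None:
        # The recommended branch: with no valid bid the NFT goes back to its owner.
        if self.starting_price >= self.highest_bid:
            self.nft_holder = OWNER
        else:
            self.nft_holder = self.highest_bidder


def settle(auction: Auction, end_name: str, attempts: int = 3) -> tuple[str, int]:
    """Call the chosen end function `attempts` times; return (NFT holder, reverts)."""
    reverts = 0
    for _ in range(attempts):
        try:
            getattr(auction, end_name)()
        except Revert:
            reverts += 1
    return auction.nft_holder, reverts
```

Calling `settle(Auction(starting_price=100), "end_original")` shows every retry reverting while the NFT stays with the contract; the same call with `"end_fixed"` hands it back to the owner.
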
Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

The NFT will be locked if there are no bids

If there are no placed bids in the auction, the `end` function will always revert. The owner cannot receive back the NFT and it will be locked in the contract.
