Starknet Auction

First Flight #26
Submission Details
Severity: low
Invalid

Potential Overflow/Underflow in Time Calculations

Description:

  • Location in Code: The start function.

  • The calculation let bidding_end = time + bidding_duration; does not check for overflows.

  • Extremely large values could cause an overflow in the timestamp.

Impact:

  • The auction end time may be incorrect, leading to unexpected behavior.

Proof of Code:

    fn start(ref self: ContractState, bidding_duration: u64, starting_bid: u64) {
        let time = get_block_timestamp();
        let bidding_end = time + bidding_duration; // Potential overflow
        // ...
    }

Recommendation:

  • Add checks to ensure bidding_duration is within reasonable limits.

  • Use safe math operations that handle overflows and underflows.

Corrected Code:

    fn start(ref self: ContractState, bidding_duration: u64, starting_bid: u64) {
        let time = get_block_timestamp();
        // Check for overflow
        assert(bidding_duration <= MAX_BIDDING_DURATION, 'Bidding duration too long');
        let bidding_end = time + bidding_duration;
        // ...
    }

  • Define MAX_BIDDING_DURATION as a reasonable maximum duration.
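
The two recommendations combined, as an added example that is not part of the original submission or the audited contract: a duration cap plus an explicit checked addition. The helper name compute_bidding_end and the 30-day value of MAX_BIDDING_DURATION are assumptions made for illustration. Cairo's built-in u64 `+` already panics on overflow instead of wrapping, so checked_add here only turns that failure into an explicit, descriptive one.

```cairo
use core::num::traits::CheckedAdd;

// Assumed cap for this example: 30 days in seconds (30 * 24 * 60 * 60).
// This value does not come from the audited contract.
const MAX_BIDDING_DURATION: u64 = 2592000;

// Hypothetical helper: returns the auction end timestamp, or panics with a
// descriptive message when the inputs are out of range.
fn compute_bidding_end(now: u64, bidding_duration: u64) -> u64 {
    assert(bidding_duration > 0, 'Duration must be positive');
    assert(bidding_duration <= MAX_BIDDING_DURATION, 'Bidding duration too long');
    // checked_add returns Option::None when the sum would exceed the u64 range.
    match now.checked_add(bidding_duration) {
        Option::Some(end) => end,
        Option::None => panic!("bidding_end overflows u64"),
    }
}

#[cfg(test)]
mod tests {
    use super::{compute_bidding_end, MAX_BIDDING_DURATION};

    #[test]
    fn accepts_duration_at_cap() {
        // Constructed timestamp, used only as sample input.
        let now: u64 = 1700000000;
        assert(
            compute_bidding_end(now, MAX_BIDDING_DURATION) == now + MAX_BIDDING_DURATION,
            'wrong end time',
        );
    }

    #[test]
    #[should_panic(expected: ('Bidding duration too long',))]
    fn rejects_duration_over_cap() {
        compute_bidding_end(1700000000, MAX_BIDDING_DURATION + 1);
    }

    #[test]
    #[should_panic]
    fn rejects_sum_past_u64_max() {
        // A timestamp at the top of the u64 range leaves no room for any duration.
        compute_bidding_end(0xFFFFFFFFFFFFFFFF, 1);
    }
}
```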

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
