Starknet Auction

First Flight #26
Submission Details
Severity: high
Valid

Incorrect Token Transfer Logic in bid Function

Summary

The bid function incorrectly attempts to transfer ERC20 tokens from the contract to itself instead of from the bidder to the contract.

Vulnerability Details

The bid function calls erc20_dispatcher.transfer(receiver, amount.into());. In the ERC20 interface, transfer always debits the account that makes the call, which here is the auction contract itself, and credits receiver, which is also the contract. The bidder's tokens are never moved to the contract.

Code Reference:

// In bid function
erc20_dispatcher.transfer(receiver, amount.into());
// Incorrectly attempts to transfer tokens from the contract to itself

Impact

  • Bids Without Payment: Users can place bids without transferring any tokens to the contract.

  • Financial Loss to Owner: The auction owner may transfer the NFT without receiving payment.

Recommendations

  • Correct Transfer Function Usage: Use transfer_from to transfer tokens from the bidder to the contract:

    // Corrected transfer call: sender is the bidder, receiver is the auction contract
    erc20_dispatcher.transfer_from(sender, receiver, amount.into());

  • Require Approval: Ensure that bidders have approved the contract to spend their tokens prior to bidding, since transfer_from only succeeds up to the bidder's approved allowance.
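To make the difference between the two ERC20 calls concrete, here is a small Python model of token balances and allowances with both the reported bid logic and the recommended fix. This is an added example written for this report, not the Starknet Auction contract's code; the token, the "auction_contract" and "bidder" labels, the amounts and the pre-seeded contract balance are all constructed.

```python
"""Model of the ERC20 semantics behind the finding: the auction contract
calling `transfer` moves its own tokens to itself, while `transfer_from`
pulls the bidder's tokens after an approval.  Constructed example."""


class ERC20:
    """Toy ERC20: balances plus allowances, with the standard checks."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}
        self.allowances: dict[tuple[str, str], int] = {}

    def mint(self, account: str, amount: int) -> None:
        self.balances[account] = self.balance_of(account) + amount

    def balance_of(self, account: str) -> int:
        return self.balances.get(account, 0)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances[(owner, spender)] = amount

    def transfer(self, caller: str, recipient: str, amount: int) -> bool:
        # `transfer` always debits the caller, never a third party.
        if self.balance_of(caller) < amount:
            return False
        self.balances[caller] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount
        return True

    def transfer_from(self, caller: str, sender: str, recipient: str, amount: int) -> bool:
        # Debits `sender`, but only up to what `sender` allowed `caller` to spend.
        allowed = self.allowances.get((sender, caller), 0)
        if allowed < amount or self.balance_of(sender) < amount:
            return False
        self.allowances[(sender, caller)] = allowed - amount
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount
        return True


AUCTION = "auction_contract"  # constructed label for the auction contract's address


def bid_vulnerable(token: ERC20, bidder: str, amount: int) -> bool:
    """Mirrors the reported call: the contract is both caller and receiver,
    so `bidder` plays no part in the token movement."""
    return token.transfer(caller=AUCTION, recipient=AUCTION, amount=amount)


def bid_fixed(token: ERC20, bidder: str, amount: int) -> bool:
    """Recommended fix: pull the bid from the bidder via transfer_from,
    which only succeeds if the bidder approved the contract beforehand."""
    return token.transfer_from(caller=AUCTION, sender=bidder, recipient=AUCTION, amount=amount)


def run_scenario(fixed: bool, approve_first: bool) -> tuple[bool, int, int]:
    """Run one 60-token bid and return
    (call_succeeded, bidder_balance, contract_balance)."""
    token = ERC20()
    token.mint("bidder", 100)
    # Constructed: seed the contract so the self-transfer passes its balance
    # check and the bid "succeeds" without the bidder paying anything.
    token.mint(AUCTION, 100)
    if approve_first:
        token.approve("bidder", AUCTION, 60)
    bid = bid_fixed if fixed else bid_vulnerable
    ok = bid(token, "bidder", 60)
    return ok, token.balance_of("bidder"), token.balance_of(AUCTION)


if __name__ == "__main__":
    print("vulnerable, no approval :", run_scenario(fixed=False, approve_first=False))
    print("vulnerable, approved    :", run_scenario(fixed=False, approve_first=True))
    print("fixed, approved         :", run_scenario(fixed=True, approve_first=True))
    print("fixed, no approval      :", run_scenario(fixed=True, approve_first=False))
```

In both vulnerable runs the bid call returns success while the bidder still holds all 100 tokens and the contract's balance is unchanged, which is the "bids without payment" impact. With the fix, the bidder's balance drops by the bid amount and the contract's rises by it, and a bidder who has not approved the contract cannot bid at all, which is why the approval step in the recommendation is required.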

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`transfer` instead of `transfer_from`

In the `bid` function, the `transfer` function is wrongly used instead of `transfer_from`.
