Starknet Auction

First Flight #26
Severity: medium
Invalid

Insufficient Time Checks

Severity: Medium

Description: The contract doesn't check if the bidding_duration is reasonable when starting the auction.

Impact: An extremely short or long auction duration could be set, potentially manipulating the auction process.

Code Part:

    fn start(ref self: ContractState, bidding_duration: u64, starting_bid: u64) {
        let caller = get_caller_address();
        let time = get_block_timestamp();
        // No lower or upper bound is enforced on bidding_duration before it is used.
        let bidding_end = time + bidding_duration;
        let erc721_dispatcher = IERC721Dispatcher { contract_address: self.erc721_token.read() };
        let receiver = get_contract_address();
        // Only the NFT owner may start the auction, and only once.
        assert(!self.started.read(), 'Auction is already started');
        assert(caller == self.nft_owner.read(), 'Not the nft owner');
        self.bidding_end.write(bidding_end);
        self.started.write(true);
        self.highest_bid.write(starting_bid);
        self.starting_price.write(starting_bid);
        self.highest_bidder.write(caller);
        self.emit(Started {});
        // Move the NFT from the owner into the auction contract.
        erc721_dispatcher.transfer_from(caller, receiver, self.nft_id.read().into());
    }

Recommendation: Implement minimum and maximum duration checks to ensure the auction duration is within reasonable bounds.
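
One way to implement the recommended bounds, as an added example that is not the contest contract's code or part of the submission. The constants `MIN_BIDDING_DURATION` and `MAX_BIDDING_DURATION`, their values, and the helper `checked_bidding_end` are assumptions chosen for illustration.

```cairo
// Added example: assumed bounds, not values taken from the audited contract.
const MIN_BIDDING_DURATION: u64 = 3600; // 1 hour, in seconds (assumption)
const MAX_BIDDING_DURATION: u64 = 2592000; // 30 days, in seconds (assumption)

// Hypothetical helper: validates the duration and returns the auction end time.
// `now` is the value start() already reads from get_block_timestamp().
fn checked_bidding_end(now: u64, bidding_duration: u64) -> u64 {
    assert(bidding_duration >= MIN_BIDDING_DURATION, 'Duration too short');
    assert(bidding_duration <= MAX_BIDDING_DURATION, 'Duration too long');
    // u64 addition panics on overflow in Cairo, so the end time cannot wrap.
    now + bidding_duration
}

// In start(), the unchecked line
//     let bidding_end = time + bidding_duration;
// would become
//     let bidding_end = checked_bidding_end(time, bidding_duration);

#[cfg(test)]
mod tests {
    use super::{checked_bidding_end, MIN_BIDDING_DURATION, MAX_BIDDING_DURATION};

    #[test]
    fn accepts_both_bounds() {
        assert(checked_bidding_end(1000, MIN_BIDDING_DURATION) == 4600, 'min bound');
        assert(checked_bidding_end(1000, MAX_BIDDING_DURATION) == 2593000, 'max bound');
    }

    #[test]
    #[should_panic(expected: ('Duration too short',))]
    fn rejects_zero_duration() {
        checked_bidding_end(1000, 0);
    }

    #[test]
    #[should_panic(expected: ('Duration too long',))]
    fn rejects_excessive_duration() {
        checked_bidding_end(1000, MAX_BIDDING_DURATION + 1);
    }
}
```

Because the checks run before any storage write or the `transfer_from` call, a rejected duration reverts the transaction with no state change.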

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
