Starknet Auction

First Flight #26
Beginner Friendly NFT
100 EXP
Submission Details
Severity: high
Valid

Bidders Can Withdraw More Than Their Bid Amount

Summary

In withdraw() a bidder is able to withdraw more than the amount they deposited for a bid.

Vulnerability Details

On lines 131 - 134 a bidder is allowed to withdraw their bid amount if they had a losing bid. However, the code does not zero out their balance after the amount is returned to them. This means that the bidder still has a positive balance after the withdrawal.

Impact

The bidder will be able to call withdraw() over and over, receiving `amount` worth of tokens each time, until the contract's balance is depleted.

Tools Used

Manual Review

Recommendations

Update the code on lines 131 - 134 by adding the following after line 132: `self.bid_values.entry(caller).write(0);`
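The following is an added example, not code from the audited contract: a small Python model of the auction's `bid_values` storage and `withdraw()` flow, with the reset line switchable, so the drain described above can be reproduced against the unfixed and fixed variants. The token accounting and the bidder names are constructed stand-ins for the real ERC20 transfers.

```python
# Added example (not the audited contract's code): a minimal model of the
# auction's bid/withdraw storage showing why a losing bidder can drain the
# contract when `bid_values` is not zeroed after a withdrawal.
# `bid_values` and `withdraw` follow the report; the rest is constructed.

class Auction:
    def __init__(self, zero_after_withdraw: bool):
        self.zero_after_withdraw = zero_after_withdraw
        self.bid_values = {}       # bidder -> amount deposited (storage map)
        self.token_balance = 0     # tokens held by the auction contract
        self.highest_bidder = None
        self.highest_bid = 0
        self.ended = False

    def bid(self, caller: str, amount: int) -> None:
        assert not self.ended and amount > self.highest_bid, "bid too low"
        self.bid_values[caller] = self.bid_values.get(caller, 0) + amount
        self.token_balance += amount   # tokens pulled in from the bidder
        self.highest_bidder, self.highest_bid = caller, self.bid_values[caller]

    def end(self) -> None:
        self.ended = True

    def withdraw(self, caller: str) -> int:
        """Refund a losing bidder; returns the amount paid out."""
        assert self.ended, "auction still running"
        assert caller != self.highest_bidder, "winner cannot withdraw"
        amount = self.bid_values.get(caller, 0)
        assert amount > 0, "nothing to withdraw"
        if self.zero_after_withdraw:
            self.bid_values[caller] = 0   # the reset the report recommends,
                                          # done before the token transfer
        assert self.token_balance >= amount, "transfer failed"
        self.token_balance -= amount      # stands in for the ERC20 transfer
        return amount

def drain_attempt(zero_after_withdraw: bool, calls: int = 3) -> tuple:
    """Two bidders, auction ends, loser calls withdraw repeatedly.
    Returns (tokens paid to the loser, tokens left in the contract)."""
    auction = Auction(zero_after_withdraw)
    auction.bid("loser", 100)
    auction.bid("winner", 150)
    auction.end()
    paid = 0
    for _ in range(calls):
        try:
            paid += auction.withdraw("loser")
        except AssertionError:
            break
    return paid, auction.token_balance
```

With the reset missing, the loser recovers its 100 tokens and then 100 of the winner's before the transfer fails; with the reset in place the second call reverts with nothing to withdraw.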

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Reentrancy in `withdraw` function

The `withdraw` function doesn't reset the `bid_values` to 0 after the withdrawal. That means the bidder can call the `withdraw` function multiple times and receive the whole balance of the protocol.
