Starknet Auction

First Flight #26
Beginner Friendly, NFT
100 EXP
Submission Details
Severity: low
Invalid

nft_owner is not updated after the auction ends

Summary

The storage variable nft_owner records who owns the NFT being auctioned. When the auction ends, the ERC-721 balance moves from the auction contract to the highest bidder, but nft_owner is never updated: it still holds the same value after end() as it did when the auction started.

Vulnerability Details

end() transfers the NFT to the highest bidder but does not write the winner's address to nft_owner. The test below shows this: after end(), balance_of reports 1 for the winning bidder (address 111) and 0 for the auction contract, while load(auction_contract, selector!("nft_owner"), 1) returns the same felt before and after the call.

Impact

Stale contract state: nft_owner no longer matches the actual ERC-721 holder once the auction has ended, so anything that reads the variable after end() gets the wrong owner.

Tools Used

Starknet Foundry (snforge); the test output and script are below.

Test Output

NFT owner at start of auction [469394814521890341860918960550914]
Nft balance of bidder of 111 before END is 0
Nft balance of bidder of 3261725658685625214387356271586076291828489518716458212830507939744925554858 before END is 1
Nft balance of bidder of 111 after END is 1
Nft balance of bidder of 3261725658685625214387356271586076291828489518716458212830507939744925554858 after END is 0
NFT owner at end of auction [469394814521890341860918960550914]
[PASS] starknet_auction_integrationtest::test_contract::test_call_end (gas: ~2393)

Test Script

// Integration test as submitted (tests/test_contract.cairo of the starknet_auction
// project). The imports below were added for the snforge cheatcodes and starknet
// helpers used in the test; deploy_auction_contract, IMockERC20TokenDispatcher,
// IERC721Dispatcher and their DispatcherTrait impls come from the project's own
// test module and crate and are not shown on this page.
use starknet::{ContractAddress, get_block_timestamp};
use snforge_std::{
    start_cheat_caller_address_global, stop_cheat_caller_address_global,
    start_cheat_block_timestamp, stop_cheat_block_timestamp, load,
};

#[test]
fn test_call_end() {
    let (auction_dispatcher, auction_contract, erc20_contract_address, erc721_contract_address) =
        deploy_auction_contract();

    // The owner calls start(): a 24h (86400 s) auction with a starting bid of 10.
    auction_dispatcher.start(86400, 10);
    // Read the raw nft_owner storage slot (one felt) directly from the contract.
    println!(
        "NFT owner at start of auction {:?}", load(auction_contract, selector!("nft_owner"), 1)
    );

    let erc20_dispatcher = IMockERC20TokenDispatcher { contract_address: erc20_contract_address };
    let erc721_dispatcher = IERC721Dispatcher { contract_address: erc721_contract_address };

    // First bidder (address 123) funds, approves and bids 11.
    let first_bidder_address: ContractAddress = 123.try_into().unwrap();
    start_cheat_caller_address_global(first_bidder_address);
    erc20_dispatcher.mint(first_bidder_address, 20);
    erc20_dispatcher.token_approve(auction_contract, 20);
    auction_dispatcher.bid(11);
    stop_cheat_caller_address_global();

    // Second bidder (address 111) outbids with 15 and becomes the highest bidder.
    let second_bidder_address: ContractAddress = 111.try_into().unwrap();
    start_cheat_caller_address_global(second_bidder_address);
    erc20_dispatcher.mint(second_bidder_address, 15);
    erc20_dispatcher.token_approve(auction_contract, 15);
    auction_dispatcher.bid(15);
    stop_cheat_caller_address_global();

    // Warp past the auction deadline.
    let time = get_block_timestamp();
    start_cheat_block_timestamp(auction_contract, time + 86401);

    // Acting as the auction contract (which holds the NFT), approve token id 1
    // to the winner before calling end().
    start_cheat_caller_address_global(auction_contract);
    erc721_dispatcher.approve(second_bidder_address, 1);
    // erc20_dispatcher.token_approve(second_bidder_address, 15);
    stop_cheat_caller_address_global();

    // Before end(): the auction contract still holds the NFT, the winner does not.
    let nft_balance = erc721_dispatcher.balance_of(auction_contract);
    assert(nft_balance == 1, 'Nft balance must be 1');
    let nft_balance_highest_bidder = erc721_dispatcher.balance_of(second_bidder_address);
    println!(
        "Nft balance of bidder of {second_bidder_address:?} before END is {nft_balance_highest_bidder:?}"
    );
    // The long address printed here is the auction contract itself, not a bidder;
    // the label is kept as it appears in the output above.
    let nft_balance_auction_contract = erc721_dispatcher.balance_of(auction_contract);
    println!(
        "Nft balance of bidder of {auction_contract:?} before END is {nft_balance_auction_contract:?}"
    );

    auction_dispatcher.end();
    // start_cheat_caller_address_global(second_bidder_address);
    // auction_dispatcher.withdraw();
    // stop_cheat_caller_address_global();

    // After end(): the NFT has moved to the highest bidder ...
    let nft_balance_highest_bidder = erc721_dispatcher.balance_of(second_bidder_address);
    println!(
        "Nft balance of bidder of {second_bidder_address:?} after END is {nft_balance_highest_bidder:?}"
    );
    let nft_balance_auction_contract = erc721_dispatcher.balance_of(auction_contract);
    println!(
        "Nft balance of bidder of {auction_contract:?} after END is {nft_balance_auction_contract:?}"
    );
    // ... but the nft_owner slot still holds the value read at the start.
    println!("NFT owner at end of auction {:?}", load(auction_contract, selector!("nft_owner"), 1));
    stop_cheat_block_timestamp(auction_contract);
}

Recommendations

In end(), write the address of the highest bidder to nft_owner in the same transaction that transfers the NFT, so the stored owner always matches the ERC-721 balance.
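A minimal version of that fix in Cairo, as an added example and not the audited contract's code: the end() entrypoint records the winner in nft_owner before it moves the token. Every name here (highest_bidder, nft_id, erc721_address, end_time, ended, the OpenZeppelin IERC721Dispatcher import path) is an assumption about the real contract, Cairo 2.7+ storage syntax is assumed, and start() and bid(), which would populate those slots, are not shown on this page and are omitted.

```cairo
// Added example of the recommended fix; not the audited contract's code.
// Storage names and the OpenZeppelin ERC-721 dispatcher path are assumptions.
use starknet::ContractAddress;

#[starknet::interface]
pub trait IAuctionEnd<TContractState> {
    fn end(ref self: TContractState);
    fn nft_owner(self: @TContractState) -> ContractAddress;
}

#[starknet::contract]
mod AuctionEndFix {
    use core::num::traits::Zero;
    use starknet::{ContractAddress, get_block_timestamp, get_contract_address};
    use starknet::storage::{StoragePointerReadAccess, StoragePointerWriteAccess};
    use openzeppelin::token::erc721::interface::{IERC721Dispatcher, IERC721DispatcherTrait};

    #[storage]
    struct Storage {
        nft_owner: ContractAddress,      // owner the auction advertises
        highest_bidder: ContractAddress, // assumed: written by bid(), not shown here
        nft_id: u256,                    // assumed: written by start(), not shown here
        erc721_address: ContractAddress, // assumed: the escrowed collection
        end_time: u64,                   // assumed: written by start()
        ended: bool,
    }

    #[abi(embed_v0)]
    impl AuctionEndFixImpl of super::IAuctionEnd<ContractState> {
        fn end(ref self: ContractState) {
            assert(get_block_timestamp() >= self.end_time.read(), 'Auction still running');
            assert(!self.ended.read(), 'Auction already ended');
            self.ended.write(true);

            let winner = self.highest_bidder.read();
            assert(winner.is_non_zero(), 'No bids were placed');

            // The fix: record the new owner before the external transfer, in the
            // same transaction, so nft_owner and the ERC-721 balance cannot diverge.
            self.nft_owner.write(winner);

            let erc721 = IERC721Dispatcher { contract_address: self.erc721_address.read() };
            erc721.transfer_from(get_contract_address(), winner, self.nft_id.read());
        }

        fn nft_owner(self: @ContractState) -> ContractAddress {
            self.nft_owner.read()
        }
    }
}
```

With this in place, a regression test built on the submitted script would assert on the slot instead of printing it, for example `assert(load(auction_contract, selector!("nft_owner"), 1) == array![second_bidder_address.into()], 'nft_owner not updated');` placed right after `auction_dispatcher.end()`.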

Updates

Lead Judging Commences

bube Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
