Starknet Auction
First Flight #26
Beginner FriendlyNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Data Type Mismatch in `bid()` Function

bhorprakash

Summary

During the review of the smart contract code, a potential issue was identified in the bid() function, specifically concerning the data types used for the bid amount. The function accepts a bid amount as a u64 but calls an ERC20 token transfer() method that requires a u128. This discrepancy could lead to compile-time or runtime errors.

Finding Details

  • Function Involved: bid(ref self: ContractState, amount: u64)

  • Data Type Issue:

    • The amount parameter is of type u64.

    • The transfer() method from the ERC20 contract expects a u128.

Impact

  • Severity Level: Low

  • Type of Impact:

    • If the type conversion is not handled properly, it may result in type mismatch errors at compile-time or runtime.

    • Users may experience failed transactions if the type conversion is not explicitly defined, leading to poor user experience during bidding events.

  • Security Impact: None. This issue does not introduce vulnerabilities like fund loss, reentrancy attacks, or incorrect state updates.

Recommended

To ensure compatibility between the u64 bid amount and the u128 required for the token transfer, it is recommended to implement a safe conversion as follows:

let amount_u128: u128 = amount.into();
erc20_dispatcher.transfer(receiver, amount_u128);

While the issue is classified as low severity, addressing this data type mismatch is crucial for ensuring smooth interactions with ERC20 token functions and enhancing the overall user experience. Implementing the recommended conversion will eliminate potential errors associated with type mismatches.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.