Starknet Auction
First Flight #26
Beginner FriendlyNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`transfer` function used instead of the `transfer_from` one

4th05

Summary

transfer function is used to transfer amount of bids to the contract, instead of the transfer_from function.

Vulnerability Details

The contract should receive the amount from the sender/callerand not from itself.

https://github.com/Cyfrin/2024-10-starknet-auction/blob/main/src/starknet_auction.cairo#L113

fn bid(ref self: ContractState, amount: u64) {
let time = get_block_timestamp();
let erc20_dispatcher = IERC20Dispatcher { contract_address: self.erc20_token.read() };
let sender = get_caller_address();
let receiver = get_contract_address();
let current_bid = self.highest_bid.read();
assert(self.started.read(), 'Auction is not started');
assert(time < self.bidding_end.read(), 'Auction ended');
assert(amount > current_bid, 'The bid is not sufficient');
self.bid_values.entry(sender).write(amount);
self.emit(NewHighestBid {amount: self.highest_bid.read(), sender: sender});
self.highest_bidder.write(sender);
self.highest_bid.write(amount);
@> erc20_dispatcher.transfer(receiver, amount.into());
}

Impact

The contract will not get the additional amount of ERC20 tokens expected from the caller.

Tools Used

Manual review

Recommendations

Call transfer_from function instead of the transfer one.

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

4th05 Submitter
about 1 year ago
bube Lead Judge
about 1 year ago
bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`transfer` instead of `transfer_from`

In the `bid` function is wrongly used `transfer` function instead `transfer_from`.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.