Summary
In the `bid` function, the `NewHighestBid` event emits a wrong `amount` value when a new bid is placed.
Vulnerability Details
The event is emitted before the `highest_bid` storage variable is updated, so `self.highest_bid.read()` still returns the previous highest bid at the point of emission.
https://github.com/Cyfrin/2024-10-starknet-auction/blob/main/src/starknet_auction.cairo#L109
fn bid(ref self: ContractState, amount: u64) {
    let time = get_block_timestamp();
    let erc20_dispatcher = IERC20Dispatcher { contract_address: self.erc20_token.read() };
    let sender = get_caller_address();
    let receiver = get_contract_address();
    let current_bid = self.highest_bid.read();
    assert(self.started.read(), 'Auction is not started');
    assert(time < self.bidding_end.read(), 'Auction ended');
    assert(amount > current_bid, 'The bid is not sufficient');
    self.bid_values.entry(sender).write(amount);
@>  self.emit(NewHighestBid {amount: self.highest_bid.read(), sender: sender});
    self.highest_bidder.write(sender);
@>  self.highest_bid.write(amount);
    erc20_dispatcher.transfer(receiver, amount.into());
}
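To make the ordering problem concrete without a Starknet toolchain, the following added example (not code from the audited project) models the storage writes and event emission of `bid` in plain Python. It runs the same bid sequence through an emit-before-write variant and an emit-after-write variant, and includes a reconciliation check of the kind an off-chain indexer could run: every `NewHighestBid` event is compared against the bidder's stored bid value. The `AuctionModel` class, the bid sequence and the sender names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class NewHighestBid:
    """Mirror of the contract's NewHighestBid event (constructed model)."""
    amount: int
    sender: str


class AuctionModel:
    """Minimal model of the auction's storage and event log.

    emit_before_write=True reproduces the ordering in the audited bid()
    (emit, then write highest_bid); False reproduces the recommended fix.
    """

    def __init__(self, emit_before_write: bool) -> None:
        self.highest_bid = 0          # storage: highest_bid (0 before any bid)
        self.highest_bidder = None    # storage: highest_bidder
        self.bid_values = {}          # storage: bid_values map
        self.events = []              # emitted events, in order
        self.emit_before_write = emit_before_write

    def bid(self, sender: str, amount: int) -> None:
        current_bid = self.highest_bid
        if amount <= current_bid:
            raise ValueError("The bid is not sufficient")
        self.bid_values[sender] = amount
        if self.emit_before_write:
            # Bug: highest_bid has not been updated yet, so the stale value is emitted.
            self.events.append(NewHighestBid(self.highest_bid, sender))
        self.highest_bidder = sender
        self.highest_bid = amount
        if not self.emit_before_write:
            # Fix: emit after the storage write so the event carries the new bid.
            self.events.append(NewHighestBid(self.highest_bid, sender))


# Constructed bid sequence: three strictly increasing bids from three senders.
BIDS = [("alice", 100), ("bob", 250), ("carol", 400)]


def run_bids(emit_before_write: bool, bids=BIDS) -> list:
    """Replay the bid sequence and return the emitted amounts in order."""
    auction = AuctionModel(emit_before_write)
    for sender, amount in bids:
        auction.bid(sender, amount)
    return [event.amount for event in auction.events]


def find_mismatches(emit_before_write: bool, bids=BIDS) -> list:
    """Indexer-style reconciliation: (sender, emitted, stored) for every event
    whose amount differs from the bidder's stored bid value."""
    auction = AuctionModel(emit_before_write)
    for sender, amount in bids:
        auction.bid(sender, amount)
    return [
        (event.sender, event.amount, auction.bid_values[event.sender])
        for event in auction.events
        if event.amount != auction.bid_values[event.sender]
    ]


if __name__ == "__main__":
    print("buggy  :", run_bids(True))    # [0, 100, 250]
    print("fixed  :", run_bids(False))   # [100, 250, 400]
    print("mismatch (buggy):", find_mismatches(True))
    print("mismatch (fixed):", find_mismatches(False))
```

With the buggy ordering, the first event reports an amount of 0 (the initial `highest_bid`) and every later event lags one bid behind; the reconciliation check flags all three events, whereas the fixed ordering produces no mismatches.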
Impact
The event emits the previous highest bid, which has just become the second highest, instead of the new bid amount; for the first bid it emits the initial `highest_bid` value rather than the bidder's amount.
Tools Used
Manual review
Recommendations
fn bid(ref self: ContractState, amount: u64) {
let time = get_block_timestamp();
let erc20_dispatcher = IERC20Dispatcher { contract_address: self.erc20_token.read() };
let sender = get_caller_address();
let receiver = get_contract_address();
let current_bid = self.highest_bid.read();
assert(self.started.read(), 'Auction is not started');
assert(time < self.bidding_end.read(), 'Auction ended');
assert(amount > current_bid, 'The bid is not sufficient');
self.bid_values.entry(sender).write(amount);
- self.emit(NewHighestBid {amount: self.highest_bid.read(), sender: sender});
self.highest_bidder.write(sender);
self.highest_bid.write(amount);
+ self.emit(NewHighestBid {amount: self.highest_bid.read(), sender: sender});
erc20_dispatcher.transfer(receiver, amount.into());
}
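Review bot: the relocated emit on the `+ self.emit(NewHighestBid {amount: self.highest_bid.read(), sender: sender});` line re-reads storage immediately after `self.highest_bid.write(amount);`. Since `amount` is already in scope and is exactly the value just written, emitting `NewHighestBid {amount: amount, sender: sender}` avoids the redundant storage read and makes the emitted value independent of the write/read ordering that caused the original issue.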