Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Incorrect Auction Start Time Validation Leading to Unintended Reverts

chista0x

Summary

The whenActive modifier in the Auction.sol contract incorrectly checks the auction's start time using a strict greater-than comparison (>) instead of a greater-than-or-equal-to comparison (>=). This causes valid transactions at the exact start time to be rejected, even though the auction should be active.

Vulnerability Details

The modifier currently uses the condition:

contracts\zeno\Auction.sol

modifier whenActive() {
require(block.timestamp > state.startTime, "Auction not started");
require(block.timestamp < state.endTime, "Auction ended");
_;
}
function buy(uint256 amount) external whenActive {
...

This condition excludes the moment when block.timestamp is exactly equal to state.startTime. As a result, if a user calls the buy function at the precise start time of the auction, the transaction will revert with "Auction not started" despite the auction being intended as active from that moment.

Impact

  • User Experience: Bidders may experience confusion and frustration if their transactions are unexpectedly reverted at the start time, leading to potential loss of gas fees.

  • Fairness: The auction could inadvertently disadvantage users trying to place bids at the exact start time, affecting the auction's integrity and fairness.

Tools Used

Manual

Recommendations

modifier whenActive() {
require(block.timestamp >= state.startTime, "Auction not started");
require(block.timestamp < state.endTime, "Auction ended");
_;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.