Auction.sol::buy() does not account for decimals, making users unable to buy, or buy at a very high price.
Summary
The buy() in Auction.sol, lets users buy ZENO tokens while price decreases as the auction comes to an end. It calculates the price based on how much the auction has passed, using getPrice(). This price is then multiplied by the amount of ZENO tokens users want to buy, and the result is transferred from the user. Since the function does not take account if decimals, this makes the function reverts when users dont have enough USDC or takes a lot more USDC.
Vulnerability Details
In buy()
Since the price is in terms of USDC and ZENO has 18 decimals (default ERC20 value), at a price of 1 USDC, just for 1 ZENO, the users will pay 1e18 USDC.
Impact
The function is mostly unusable because of the require statement, and users will need to pay a lot more for it to pass and buy ZENO.
Tools Used
Manual Review
Recommendations
Account for decimals before transfer.
Lead Judging Commences
Auction.sol's buy() function multiplies ZENO amount (18 decimals) by price (6 decimals) without normalization, causing users to pay 1 trillion times the intended USDC amount
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.