Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Off-by-One Bug in Auction Start Time Preventing Bids at Start

igdbaxe

Impact

The auction contract's whenActive modifier uses a strict > check for the start time, which means bids made exactly at state.startTime are rejected. This can cause users to miss the first valid bid opportunity, reducing auction participation.

Proof of Concept

The issue is in this code:

modifier whenActive() {
require(block.timestamp > state.startTime, "Auction not started");
require(block.timestamp < state.endTime, "Auction ended");
_;
}

A bid made at block.timestamp == state.startTime fails the first check, even though the auction should be active.
Reference: whenActive modifier

  • From getPrice too we can see that it's intended for the auction to be active even at the startime where it queries/return the price at the 3rd conditon

return state.startingPrice - (
(state.startingPrice - state.reservePrice) *
(block.timestamp - state.startTime) /
(state.endTime - state.startTime)
);

for the block.timestamp >= state.startTime.

Tools Used

  • Manual code review

Recommended Mitigation Steps

Change the check to allow bids at the exact start time by replacing > with >=:

modifier whenActive() {
require(block.timestamp >= state.startTime, "Auction not started");
require(block.timestamp < state.endTime, "Auction ended");
_;
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!