Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Attacker can DOS user from placing new bids

Summary

If an attacker contract becomes the current highest bidder, every subsequent bid on that NFT is rejected: the attacker contract has no receive or fallback function, so the refund that NFTLiquidator sends to the previous highest bidder reverts, and execution never reaches the point where the new data.highestBidder is set.

Vulnerability Details

  • As we can see, if a new bidder places a higher bid than the previous one, the contract refunds the previous bidder with the Ether they sent and only then updates the data. This becomes an issue because a contract can only accept Ether if it defines a payable receive or fallback function; if the previous bidder is a contract without one, the refund transfer reverts and the whole placeBid call fails.

function placeBid(uint256 tokenId) external payable {
    TokenData storage data = tokenData[tokenId];
    if (block.timestamp >= data.auctionEndTime) revert AuctionHasEnded();
    uint256 minBidAmount = data.highestBid + (data.highestBid * minBidIncreasePercentage / 100);
    if (msg.value <= minBidAmount) revert BidTooLow(minBidAmount);
    if (data.highestBidder != address(0)) {
        payable(data.highestBidder).transfer(data.highestBid); // <@ audit: push refund to an arbitrary address
    }
    data.highestBid = msg.value;
    data.highestBidder = msg.sender;
    emit BidPlaced(tokenId, msg.sender, msg.value);
}

Impact

Legitimate users are prevented from placing new bids on the affected NFT, leaving the auction stuck at the attacker's bid and causing losses to the protocol.

Tools Used

Manual audit

Recommendations

One way to prevent this denial of service is to switch from a push to a pull payment pattern: instead of sending Ether to the outbid bidder inside placeBid, record the amount owed and let the bidder withdraw it in a separate call, so a non-payable or reverting previous bidder can no longer block new bids.
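As an added illustration of that recommendation (example code written for this page, not the project's own NFTLiquidator), the contract below keeps the same placeBid checks but records refunds in a pendingRefunds mapping and exposes a withdrawRefund function. The contract name, the pendingRefunds and withdrawRefund identifiers, the startAuction helper and the minBidIncreasePercentage value are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code): a minimal auction that refunds outbid
// bidders with a pull pattern instead of calling transfer() inside placeBid.
// Names (PullRefundAuction, pendingRefunds, withdrawRefund, startAuction) and the
// 5% minimum increase are assumptions for this example.
contract PullRefundAuction {
    struct TokenData {
        uint256 auctionEndTime;
        uint256 highestBid;
        address highestBidder;
    }

    uint256 public constant minBidIncreasePercentage = 5; // assumed value

    mapping(uint256 => TokenData) public tokenData;
    // Ether owed to outbid bidders; each bidder withdraws their own balance.
    mapping(address => uint256) public pendingRefunds;

    event BidPlaced(uint256 indexed tokenId, address indexed bidder, uint256 amount);
    event RefundWithdrawn(address indexed bidder, uint256 amount);

    error AuctionHasEnded();
    error BidTooLow(uint256 minBidAmount);
    error NothingToWithdraw();
    error RefundFailed();

    // Demo-only helper with no access control; a real contract would restrict
    // who may open an auction.
    function startAuction(uint256 tokenId, uint256 duration) external {
        tokenData[tokenId].auctionEndTime = block.timestamp + duration;
    }

    function placeBid(uint256 tokenId) external payable {
        TokenData storage data = tokenData[tokenId];
        if (block.timestamp >= data.auctionEndTime) revert AuctionHasEnded();
        uint256 minBidAmount = data.highestBid + (data.highestBid * minBidIncreasePercentage / 100);
        if (msg.value <= minBidAmount) revert BidTooLow(minBidAmount);

        if (data.highestBidder != address(0)) {
            // Record the refund instead of pushing Ether. No external call happens
            // here, so a previous bidder that cannot receive Ether cannot block this bid.
            pendingRefunds[data.highestBidder] += data.highestBid;
        }
        data.highestBid = msg.value;
        data.highestBidder = msg.sender;
        emit BidPlaced(tokenId, msg.sender, msg.value);
    }

    // Outbid bidders collect their Ether here. A failure affects only the caller.
    function withdrawRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        if (amount == 0) revert NothingToWithdraw();
        // Checks-effects-interactions: zero the balance before the external call
        // so a re-entrant withdrawRefund sees nothing to withdraw.
        pendingRefunds[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert RefundFailed();
        emit RefundWithdrawn(msg.sender, amount);
    }
}
```

The withdrawal uses call rather than transfer so the 2300 gas stipend does not make refunds to contract wallets with non-trivial receive logic fail; because the balance is zeroed before the call, a revert in the recipient only reverts that recipient's own withdrawal and leaves the auction state untouched.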

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
