Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing Auction Parameter Validation

0xbz

Summary

The Auction contract does not validate key parameters during deployment:

Zero Allocation : If totalAllocated = 0, no ZENO tokens can be sold, making the auction meaningless.
Time Reversal : If endTime <= startTime, the getPrice function will attempt to divide by zero, causing a revert whenever the price is queried.

Vulnerability Details

The constructor of the Auction contract does not enforce constraints on the input parameters (totalAllocated, startTime, and endTime).
This allows accidental deployment with invalid values, leading to broken functionality

To ensure the Auction contract works as intended, the following preconditions must hold after deployment:

totalAllocated > 0
endTime > startTime

Violation :
Deploying with totalAllocated = 0 or endTime <= startTime violates these preconditions, breaking core functionality.

Impact

  • If totalAllocated = 0, the buy function will always fail because amount <= state.totalRemaining will never be true.

  • If endTime <= startTime, the getPrice function will attempt to divide by zero, causing all price-related operations to revert.

Tools Used

Recommendations

  • Check totalAllocated > 0

  • Check endTime > startTime

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.