Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Lack of slippage protection in auction buys

Summary

The buy function in the Auction contract does not implement any slippage protection:

    function buy(uint256 amount) external whenActive {
        require(amount <= state.totalRemaining, "Not enough ZENO remaining");
        uint256 price = getPrice();
        uint256 cost = price * amount;
        require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
        // ...
    }

The price is calculated at the time of execution but could change between the time a transaction is submitted and when it's executed due to block times and MEV.

This is particularly problematic in high-gas situations where transactions might take several blocks to be included, leading to significant price differences.

Impact

Users could pay more than they intended if the price increases during this window. This means the actual amount burned will be significantly larger than intended, as it's not properly scaled down to match the internal balance representation.

Tools Used

Manual review

Recommendations

Add a minAmountOut for slippage protection
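
The following is an added sketch of a caller-supplied bound on buy; it is not the audited Auction code and not part of the submission. Because buy takes a fixed amount and the cost is what varies, the bound is written here as a hypothetical maxCost plus a deadline rather than a minAmountOut. The contract name, the linear price schedule, the constructor, the custom errors and the omission of whenActive are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}
// Added illustration, not the audited Auction contract.
contract BoundedBuyAuction {
    IERC20 public immutable usdc;
    address public immutable businessAddress;
    uint256 public totalRemaining;
    // Assumed linear price schedule; the page does not show getPrice().
    uint256 public immutable startTime;
    uint256 public immutable endTime;
    uint256 public immutable startPrice;
    uint256 public immutable endPrice;

    error CostAboveLimit(uint256 cost, uint256 maxCost);
    error DeadlinePassed(uint256 deadline);

    constructor(IERC20 usdc_, address business_, uint256 supply_,
                uint256 start_, uint256 end_, uint256 startPrice_, uint256 endPrice_) {
        usdc = usdc_;
        businessAddress = business_;
        totalRemaining = supply_;
        startTime = start_;
        endTime = end_;
        startPrice = startPrice_;
        endPrice = endPrice_;
    }

    // Interpolates between startPrice and endPrice in either direction.
    function getPrice() public view returns (uint256) {
        if (block.timestamp <= startTime) return startPrice;
        if (block.timestamp >= endTime) return endPrice;
        uint256 elapsed = block.timestamp - startTime;
        uint256 span = endTime - startTime;
        if (startPrice >= endPrice) return startPrice - ((startPrice - endPrice) * elapsed) / span;
        return startPrice + ((endPrice - startPrice) * elapsed) / span;
    }

    // maxCost and deadline are chosen by the caller when signing the transaction.
    function buy(uint256 amount, uint256 maxCost, uint256 deadline) external {
        if (block.timestamp > deadline) revert DeadlinePassed(deadline);
        require(amount <= totalRemaining, "Not enough ZENO remaining");
        uint256 cost = getPrice() * amount; // price at execution time
        if (cost > maxCost) revert CostAboveLimit(cost, maxCost);
        totalRemaining -= amount; // effects before the external call
        require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
    }
}
```

With this shape, a transaction that is mined late either executes at a cost no greater than the signed maxCost or reverts without moving USDC.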

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0x15_eth Submitter
4 months ago
inallhonesty Lead Judge
4 months ago
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
