Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Zeno AuctionEnded event can be emitted an infinite number of times

Summary

The AuctionEnded event can be emitted multiple times for the same auction. This can lead to DoS attacks on event consumers.

Vulnerability Details

The method Auction::checkAuctionEnded does not check whether the event was already emitted. Once the auction has ended, every call emits the AuctionEnded event again.

/contracts/zeno/Auction.sol

function checkAuctionEnded() external {
    require(block.timestamp >= state.endTime, "Auction not ended");
@>  emit AuctionEnded(getPrice());
}

Impact

This can be used to spam the network with multiple events, which can lead to DoS attacks on event consumers.
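An event consumer can make itself insensitive to repeated AuctionEnded emissions by acting only on the first log per auction and counting the rest. The following is an added example, not code from the audited project; the log field names follow the common EVM log shape as an assumption, and the sample logs are constructed.

```javascript
// Constructed sample logs (not real chain data). Auction A's event is emitted
// three times by repeat calls, and one of those logs is delivered twice.
const A = "0x" + "a".repeat(40);
const B = "0x" + "b".repeat(40);
const SAMPLE_LOGS = [
  { address: A, blockNumber: 101, logIndex: 0, transactionHash: "0x02", price: "500" },
  { address: A, blockNumber: 100, logIndex: 3, transactionHash: "0x01", price: "500" },
  { address: A, blockNumber: 101, logIndex: 0, transactionHash: "0x02", price: "500" },
  { address: B, blockNumber: 102, logIndex: 1, transactionHash: "0x03", price: "700" },
  { address: "0x" + "A".repeat(40), blockNumber: 105, logIndex: 2,
    transactionHash: "0x04", price: "500" },
];

// Hypothetical helper: runs onEnded(auction, price) at most once per auction.
// Returns counters that can feed an alert on abnormal re-emission volume.
function processAuctionEndedLogs(logs, onEnded) {
  const settledAuctions = new Set(); // auctions already acted on
  const seenLogIds = new Set();      // txHash:logIndex of every log handled
  const stats = { acted: 0, redelivered: 0, reEmitted: 0, accepted: [] };

  // Process in chain order so the earliest emission is the one that counts.
  const ordered = [...logs].sort(
    (x, y) => x.blockNumber - y.blockNumber || x.logIndex - y.logIndex);

  for (const log of ordered) {
    const id = `${log.transactionHash}:${log.logIndex}`;
    if (seenLogIds.has(id)) { stats.redelivered += 1; continue; } // same log twice
    seenLogIds.add(id);

    const auction = log.address.toLowerCase(); // normalise address casing
    if (settledAuctions.has(auction)) { stats.reEmitted += 1; continue; } // repeat call
    settledAuctions.add(auction);

    onEnded(auction, log.price); // side effect happens exactly once per auction
    stats.acted += 1;
    stats.accepted.push(id);
  }
  return stats;
}

console.log(processAuctionEndedLogs(SAMPLE_LOGS, () => {}));
```

A rising `reEmitted` count for one auction is the signal that checkAuctionEnded is being called repeatedly.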

Recommendations

Add a check for whether the event was already emitted.

function checkAuctionEnded() external {
require(block.timestamp >= state.endTime, "Auction not ended");
+ if (!ended) {
+ ended = true;
+ emit AuctionEnded(getPrice());
+ }
- emit AuctionEnded(getPrice());
}
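
Review bot: the added `if (!ended)` guard reads and writes `ended`, but nothing in this hunk declares it, so the patch also needs a `bool` storage flag (a standalone variable or a field next to `state.endTime`) before it compiles. With the guard as written, a repeat call still passes the `require` and returns successfully without emitting anything; using `require(!ended, ...)` ahead of the `emit` would instead revert repeat calls so callers can tell the auction was already finalised. The removed `emit` line would also read more clearly placed directly above the added lines it replaces.
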
Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
