Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Auction Start Time Can Be Set in the Past

pelz

Summary

The AuctionState struct is initialized in the constructor without verifying that the provided startTime is in the future. This oversight allows the auction to start at a past timestamp, potentially leading to unintended auction behavior.

Vulnerability Details

In the constructor:

state = AuctionState({
startTime: _startTime, // @audit-issue check and ensure start-time is in the future
endTime: _endTime,
startingPrice: _startingPrice,
reservePrice: _reservePrice,
totalAllocated: _totalAllocated,
totalRemaining: _totalAllocated,
lastBidTime: 0,
lastBidder: address(0)
});

Without validating _startTime, a malicious deployer or misconfigured deployment can set the startTime to a value less than block.timestamp. This could immediately open the auction or even skip critical auction phases.

Impact

  • The auction may start unintentionally upon deployment.

  • Participants could exploit the timing to gain unfair advantages.

  • Scheduled auctions could be invalidated, affecting user trust and platform integrity.

Tools Used

Manual code review.

Recommendations

Add a require statement to enforce future start times:

require(_startTime >= block.timestamp, "Start time must be in the future");

Additionally, ensure endTime is after startTime:

require(_endTime > _startTime, "End time must be after start time");
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.