Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Users Cannot Purchase at Reserve Price Due to whenActive Modifier

s0x0mtee

Summary

The buy function is restricted by the whenActive modifier, which ensures that purchases can only occur while the auction is active. However, this prevents users from buying ZENO tokens at the reserve price after the auction ends.

Vulnerability Details

  • The whenActive modifier enforces that block.timestamp must be within the start and end times of the auction.

  • When the auction ends, the function becomes inaccessible, meaning users cannot purchase at the reserve price even if tokens remain unsold.

  • This contradicts the expected behavior of an auction where remaining tokens should be available at the reserve price.

Impact

  • Unsold ZENO tokens cannot be acquired at the reserve price.

  • The auction may fail to distribute all allocated tokens, affecting the project's fundraising goals.

  • Users expecting to purchase at the reserve price will be unable to do so.

Tools Used

  • Manual code review

Recommendations

  • Introduce a post-auction purchase mechanism that allows users to buy ZENO at the reserve price after the auction ends.

  • Modify whenActive to allow purchases at state.reservePrice if block.timestamp >= state.endTime.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Auction.sol's whenActive modifier prevents bidding at endTime when price reaches reservePrice, contradicting documentation and preventing purchases at the intended floor price

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!