Bidders May Be Misled by checkAuctionEnded() Regarding Auction Status
Summary
The checkAuctionEnded() function fails to account for one of the conditions that should end the auction—when all ZENO bonds have been sold. As a result, bidders may be misled into believing the auction is still ongoing when, in reality, it has already concluded due to the depletion of available bonds.
Vulnerability Details
According to the auction documentation, an auction should conclude under two possible conditions:
-
The total supply of ZENO bonds has been fully purchased.
-
The auction reaches its predefined end time.
However, the current implementation of checkAuctionEnded() only checks whether the auction has reached its end time while ignoring the case where all bonds have been sold:
Issue:
If all ZENO bonds are sold before the end time, checkAuctionEnded() will still return "Auction not ended", even though the auction should already be considered concluded.
This misleading result may cause bidders to believe they can still participate in the auction, leading to confusion and potentially wasted attempts to bid.
Tools Used
Manual Review
Recommendation
Modify checkAuctionEnded() to correctly account for both conditions that should end the auction:
Lead Judging Commences
Auction.sol's checkAuctionEnded() only verifies time-based completion, ignoring sold-out condition, contradicting documentation and preventing early auction completion signaling
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.