Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Lack of Auction Finalization in Auction.sol::checkAuctionEnded function

Summary

The checkAuctionEnded function does not finalize the auction or prevent further bids. After the auction ends, users could still call buy if the state.endTime is not enforced.

function checkAuctionEnded() external {
    require(block.timestamp >= state.endTime, "Auction not ended");
    emit AuctionEnded(getPrice());
}

Vulnerability Details

The checkAuctionEnded function is intended to check if the auction has ended (i.e., the current time is past the state.endTime). However, it does not update the contract state to mark the auction as ended or prevent further bids. As a result, users could still call the buy function after the auction has ended, as long as the state.endTime is not enforced in the buy function.

Impact

Users can continue to place bids even after the auction has officially ended, leading to unfair advantages or exploitation.

  • The state.endTime is reached, but the auction is not marked as ended.

  • The checkAuctionEnded function can be called, but it does not update the contract state to prevent further bids.

  • Users can still call the buy function and place bids, even though the auction is supposed to be over.

  • This could lead to unfair advantages, such as users buying tokens at the reserve price after the auction has ended.

  • The contract state (e.g., state.totalRemaining, state.lastBidder) may not reflect the true state of the auction, leading to confusion or exploitation.

Example scenario:

  1. Auction Parameters:

    • startTime: 10:00 AM

    • endTime: 12:00 PM

    • startingPrice: 100 USDC per ZENO

    • reservePrice: 50 USDC per ZENO

  2. Auction Ends:

    • At 12:00 PM, the auction officially ends.

    • The checkAuctionEnded function is called, but it does not mark the auction as ended.

  3. Exploitation:

    • At 12:05 PM, a user calls the buy function and purchases ZENO tokens at the reserve price (50 USDC per ZENO).

    • This is unfair to other users who followed the rules and stopped bidding at 12:00 PM.

Tools Used

Manual Review

Recommendations

After the following fix is applied, no further bids can be placed once the auction ends, ensuring fairness and consistency:

  • Add an auctionEnded state variable to track whether the auction has ended. It is set to true when the checkAuctionEnded function is called after the auction end time.

  • The whenActive modifier now checks if the auction has ended (!auctionEnded). This prevents the buy function from being called after the auction has ended.

  • The checkAuctionEnded() function now marks the auction as ended by setting auctionEnded = true. It also emits an AuctionEnded event for transparency.

+ bool public auctionEnded; // Add a state variable to track auction end

modifier whenActive() {
+   require(!auctionEnded, "Auction ended"); // Ensure auction is not ended
    require(block.timestamp > state.startTime, "Auction not started");
    require(block.timestamp < state.endTime, "Auction ended");
    _;
}

function checkAuctionEnded() external {
    require(block.timestamp >= state.endTime, "Auction not ended");
+   auctionEnded = true; // Mark the auction as ended
    emit AuctionEnded(getPrice()); // Emit an event for transparency
}

function buy(uint256 amount) external whenActive {
    // Ensure the auction has not ended (whenActive already checks the flag; this is a second, explicit guard)
+   require(!auctionEnded, "Auction has ended");
    require(amount <= state.totalRemaining, "Not enough ZENO remaining");
    uint256 price = getPrice();
    uint256 cost = price * amount;
    require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
    bidAmounts[msg.sender] += amount;
    state.totalRemaining -= amount;
    state.lastBidTime = block.timestamp;
    state.lastBidder = msg.sender;
    zeno.mint(msg.sender, amount);
    emit ZENOPurchased(msg.sender, amount, price);
}
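The gating logic of the recommended fix, stepped through on the report's own timeline (10:00 start, 12:00 end, 100 USDC falling to a 50 USDC reserve). This is an added Python model, not the project's contract and not code from this submission: it assumes a linear price decay between startingPrice and reservePrice (the page states only the two prices), uses plain dicts in place of the USDC and ZENO token calls, and mirrors the recommended whenActive by checking the auctionEnded flag first and the block-timestamp window second. Running it with and without the checkAuctionEnded call shows which gate rejects the 12:05 buy in each case.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not the project's contract. Assumed: linear price decay between
# startingPrice and reservePrice; dicts stand in for the USDC/ZENO token contracts.


class Revert(Exception):
    """Stands in for a failed Solidity require()."""


@dataclass
class AuctionState:
    start_time: int            # seconds since midnight; stands in for state.startTime
    end_time: int              # stands in for state.endTime
    starting_price: int        # USDC per ZENO at start_time
    reserve_price: int         # floor reached at end_time (assumed linear decay)
    total_remaining: int       # ZENO still for sale
    last_bidder: Optional[str] = None
    last_bid_time: int = 0


class DutchAuctionModel:
    def __init__(self, state: AuctionState, usdc_balances: dict, business: str):
        self.state = state
        self.block_timestamp = 0          # set by the caller; stands in for block.timestamp
        self.auction_ended = False        # the flag the recommendation adds
        self.bid_amounts: dict = {}
        self.usdc = usdc_balances         # constructed balances
        self.zeno: dict = {}              # ZENO minted per buyer
        self.business = business

    def get_price(self) -> int:
        s, t = self.state, self.block_timestamp
        if t <= s.start_time:
            return s.starting_price
        if t >= s.end_time:
            return s.reserve_price
        # multiply before dividing, as Solidity integer math would
        decay = (s.starting_price - s.reserve_price) * (t - s.start_time) // (s.end_time - s.start_time)
        return s.starting_price - decay

    def _when_active(self) -> None:
        """Mirror of the recommended whenActive modifier: flag first, then the time window."""
        if self.auction_ended:
            raise Revert("Auction ended")
        if self.block_timestamp <= self.state.start_time:
            raise Revert("Auction not started")
        if self.block_timestamp >= self.state.end_time:
            raise Revert("Auction ended")

    def check_auction_ended(self) -> int:
        if self.block_timestamp < self.state.end_time:
            raise Revert("Auction not ended")
        self.auction_ended = True         # explicit finalization from the recommendation
        return self.get_price()           # the value the AuctionEnded event would carry

    def buy(self, buyer: str, amount: int) -> int:
        self._when_active()
        if amount > self.state.total_remaining:
            raise Revert("Not enough ZENO remaining")
        price = self.get_price()
        cost = price * amount
        if self.usdc.get(buyer, 0) < cost:
            raise Revert("Transfer failed")
        self.usdc[buyer] -= cost
        self.usdc[self.business] = self.usdc.get(self.business, 0) + cost
        self.bid_amounts[buyer] = self.bid_amounts.get(buyer, 0) + amount
        self.state.total_remaining -= amount
        self.state.last_bid_time = self.block_timestamp
        self.state.last_bidder = buyer
        self.zeno[buyer] = self.zeno.get(buyer, 0) + amount
        return cost


def attempt(fn, *args):
    """Return the call's result, or the revert reason if it reverts."""
    try:
        return fn(*args)
    except Revert as e:
        return str(e)


def run_scenario(call_check_auction_ended: bool = True) -> dict:
    """Replay the report's timeline: 10:00 start, 12:00 end, 100 -> 50 USDC per ZENO."""
    state = AuctionState(start_time=10 * 3600, end_time=12 * 3600,
                         starting_price=100, reserve_price=50, total_remaining=1_000)
    auction = DutchAuctionModel(state, {"alice": 1_000, "bob": 1_000}, "business")
    out = {}
    auction.block_timestamp = 9 * 3600 + 30 * 60       # 09:30, before start
    out["before_start"] = attempt(auction.buy, "alice", 1)
    auction.block_timestamp = 11 * 3600                # 11:00, halfway: price 75
    out["price_11"] = auction.get_price()
    out["cost_11"] = attempt(auction.buy, "alice", 10)
    auction.block_timestamp = 12 * 3600                # 12:00, endTime reached
    if call_check_auction_ended:
        out["final_price"] = attempt(auction.check_auction_ended)
    auction.block_timestamp = 12 * 3600 + 5 * 60       # 12:05, the report's late buy
    out["late_buy"] = attempt(auction.buy, "bob", 10)
    out["flag"] = auction.auction_ended
    out["remaining"] = auction.state.total_remaining
    out["business_usdc"] = auction.usdc["business"]
    return out


if __name__ == "__main__":
    for with_flag in (True, False):
        label = "with checkAuctionEnded" if with_flag else "without checkAuctionEnded"
        print(label, run_scenario(with_flag))
```

In both runs the 12:05 buy reverts with "Auction ended": with the flag set it is the first guard in the modifier that fires, without it the timestamp bound fires. The flag is therefore an explicit, queryable record that finalization happened, which is what the recommendation adds on top of the time window.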
Updates

Lead Judging Commences (inallhonesty, Lead Judge, 6 months ago)

Submission Judgement Published (inallhonesty, Lead Judge, 4 months ago)

Invalidated
Reason: Incorrect statement
