Submission Details
Severity:
Incorrect `if` condition in the `NFTLiquidator::placeBid` function.
Summary
The if condition prevents users from placing a bid equal to minBidAmount.
Vulnerability Details
If the user tries to bid with minBidAmount, the condition will revert since if (msg.value <= minBidAmount), due to the <= in the if condition.
function placeBid(uint256 tokenId) external payable {
TokenData storage data = tokenData[tokenId];
if (block.timestamp >= data.auctionEndTime) revert AuctionHasEnded();
@>> uint256 minBidAmount = data.highestBid + (data.highestBid * minBidIncreasePercentage / 100);
@>> if (msg.value <= minBidAmount) revert BidTooLow(minBidAmount);
if (data.highestBidder != address(0)) {
payable(data.highestBidder).transfer(data.highestBid);
}
data.highestBid = msg.value;
data.highestBidder = msg.sender;
emit BidPlaced(tokenId, msg.sender, msg.value);
}
Impact
The user will not be able to place a bid equal to minBidAmount.
Recommendations
function placeBid(uint256 tokenId) external payable {
TokenData storage data = tokenData[tokenId];
if (block.timestamp >= data.auctionEndTime) revert AuctionHasEnded();
uint256 minBidAmount = data.highestBid + (data.highestBid * minBidIncreasePercentage / 100);
- if (msg.value <= minBidAmount) revert BidTooLow(minBidAmount);
+ if (msg.value < minBidAmount) revert BidTooLow(minBidAmount);
if (data.highestBidder != address(0)) {
payable(data.highestBidder).transfer(data.highestBid);
}
data.highestBid = msg.value;
data.highestBidder = msg.sender;
emit BidPlaced(tokenId, msg.sender, msg.value);
}
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.