Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Lack of Input Parameter Validation in Constructor in `Auction` contract might render it unusable

https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/zeno/Auction.sol

Description

The Auction contract's constructor does not validate critical input parameters, such as:

  • _startTime: The timestamp when the auction starts.

  • _endTime: The timestamp when the auction ends.

  • _startingPrice: The initial price of ZENO tokens at the start of the auction.

  • _reservePrice: The minimum price of ZENO tokens at the end of the auction.

  • _totalAllocated: The total number of ZENO tokens allocated for the auction.

Without proper validation, the contract could be initialized with invalid or malicious values, leading to unexpected behavior or rendering the auction unusable.


Impact

  1. Invalid Auction Timing:

    • If _startTime is set to a timestamp in the past, the auction will start immediately, potentially catching users off guard.

    • If _endTime is set to a timestamp before _startTime, the auction will end before it starts, making it impossible for users to participate.

  2. Invalid Pricing:

    • If _startingPrice is set lower than _reservePrice, the price calculation in getPrice will result in incorrect or negative values, breaking the auction logic.

    • If _startingPrice or _reservePrice is set to 0, the auction will effectively give away ZENO tokens for free.

  3. Zero or Negative Allocation:

    • If _totalAllocated is set to 0, the auction will have no tokens to sell, rendering it useless.

    • If _totalAllocated is set to an excessively large value, it could lead to integer overflow or other unexpected behavior.

  4. Business Logic Failure:

    • Invalid parameters could cause the auction to behave unpredictably, leading to financial losses for users or the business.


Proof of Concept

Consider the following scenario:

  1. The contract is deployed with the following parameters:

    • _startTime = 0 (invalid, as it is in the past).

    • _endTime = 100 (invalid, as it is before _startTime).

    • _startingPrice = 100 (invalid, as it is less than _reservePrice = 200).

    • _totalAllocated = 0 (invalid, as no tokens are allocated for the auction).

  2. The auction will start immediately (due to _startTime = 0) and end at timestamp 100.

  3. The getPrice function will return incorrect or negative values due to _startingPrice < _reservePrice.

  4. Users will be unable to participate in the auction, as _totalAllocated = 0.


Recommendations

Add input validation in the constructor to ensure that:

  1. _startTime is in the future.

  2. _endTime is after _startTime.

  3. _startingPrice is greater than _reservePrice.

  4. _totalAllocated is greater than 0.

Here is the updated constructor with input validation:

```solidity
constructor(
    address _zenoAddress,
    address _usdcAddress,
    address _businessAddress,
    uint256 _startTime,
    uint256 _endTime,
    uint256 _startingPrice,
    uint256 _reservePrice,
    uint256 _totalAllocated,
    address _initialOwner
) Ownable(_initialOwner) {
    // Reject parameter sets that would make the auction unusable.
    require(_startTime > block.timestamp, "Start time must be in the future");
    require(_endTime > _startTime, "End time must be after start time");
    require(_startingPrice > _reservePrice, "Starting price must be greater than reserve price");
    require(_totalAllocated > 0, "Total allocated must be greater than 0");

    zeno = ZENO(_zenoAddress);
    usdc = IUSDC(_usdcAddress);
    businessAddress = _businessAddress;

    // Initial auction state: nothing sold yet, no bids placed.
    state = AuctionState({
        startTime: _startTime,
        endTime: _endTime,
        startingPrice: _startingPrice,
        reservePrice: _reservePrice,
        totalAllocated: _totalAllocated,
        totalRemaining: _totalAllocated,
        lastBidTime: 0,
        lastBidder: address(0)
    });
}
```
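
The same four checks can also be run off-chain before deployment, for example from a Hardhat deploy script, so that a bad parameter set is caught before any transaction is sent. This is an added example, not code from the RAAC repository or from the submission; the function name `validateAuctionParams`, the `NOW` timestamp and both sample parameter sets are assumptions constructed for illustration.

```javascript
// Added example: off-chain mirror of the constructor checks recommended above.
const UINT256_MAX = (1n << 256n) - 1n;
const FIELDS = ["startTime", "endTime", "startingPrice", "reservePrice", "totalAllocated"];

// Returns a list of violations; an empty list means the parameters are deployable.
function validateAuctionParams(params, nowSeconds) {
  const errors = [];
  const p = {};
  for (const name of FIELDS) {
    let value;
    try {
      value = BigInt(params[name]); // throws on undefined, fractions, non-numeric strings
    } catch {
      errors.push(`${name}: not an integer`);
      continue;
    }
    if (value < 0n || value > UINT256_MAX) {
      errors.push(`${name}: outside uint256 range`);
      continue;
    }
    p[name] = value;
  }
  if (errors.length > 0) return errors; // the comparisons below need all five values

  if (p.startTime <= BigInt(nowSeconds)) errors.push("Start time must be in the future");
  if (p.endTime <= p.startTime) errors.push("End time must be after start time");
  if (p.startingPrice <= p.reservePrice) errors.push("Starting price must be greater than reserve price");
  if (p.totalAllocated === 0n) errors.push("Total allocated must be greater than 0");
  return errors;
}

// Constructed inputs: NOW is an arbitrary Unix timestamp, POC_PARAMS holds the
// values from the Proof of Concept, VALID_PARAMS is a made-up passing set.
const NOW = 1700000000;
const POC_PARAMS = { startTime: 0, endTime: 100, startingPrice: 100, reservePrice: 200, totalAllocated: 0 };
const VALID_PARAMS = {
  startTime: NOW + 3600,
  endTime: NOW + 90000,
  startingPrice: "150000000",
  reservePrice: "100000000",
  totalAllocated: "1000",
};

console.log(validateAuctionParams(POC_PARAMS, NOW));
console.log(validateAuctionParams(VALID_PARAMS, NOW));
```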
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
