Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Potential Incorrect Price Calculation Due to reservePrice Being Greater Than startingPrice in Auction.sol constructor

Summary

The constructor does not validate that reservePrice is less than or equal to startingPrice. If reservePrice > startingPrice, the getPrice() function will return a negative value, which is invalid in Solidity and can cause unexpected behavior.

Vulnerability Details

The getPrice() function calculates the price using this formula:

function getPrice() public view returns (uint256) {
    if (block.timestamp < state.startTime) return state.startingPrice;
    if (block.timestamp >= state.endTime) return state.reservePrice;
    // >> the line flagged by this finding
    return state.startingPrice - (
        (state.startingPrice - state.reservePrice) *
        (block.timestamp - state.startTime) /
        (state.endTime - state.startTime)
    );
}

If state.reservePrice > state.startingPrice, then:

  • (state.startingPrice - state.reservePrice) becomes negative.

  • This results in an invalid subtraction operation, potentially breaking the contract’s logic.

  • Since Solidity does not support negative numbers in uint256 arithmetic, this underflow will likely cause a revert or unintended behavior.

constructor(
    address _zenoAddress,
    address _usdcAddress,
    address _businessAddress,
    uint256 _startTime,
    uint256 _endTime,
    uint256 _startingPrice,
    uint256 _reservePrice,
    uint256 _totalAllocated,
    address _initialOwner
) Ownable(_initialOwner) {
    zeno = ZENO(_zenoAddress);
    usdc = IUSDC(_usdcAddress);
    businessAddress = _businessAddress; //@audit-issue : If reservePrice > startingPrice, getPrice() breaks and can return a negative number
    state = AuctionState({
        startTime: _startTime,
        endTime: _endTime,
        startingPrice: _startingPrice,
        reservePrice: _reservePrice,
        totalAllocated: _totalAllocated,
        totalRemaining: _totalAllocated,
        lastBidTime: 0,
        lastBidder: address(0)
    });
}

Impact

Contract Malfunction: The auction may not function correctly, as the getPrice() calculation will break, potentially leading to a revert or incorrect price values.

Bid Rejection: Users may be unable to place bids if price calculations fail due to underflow.

Auction Fails: If the auction price mechanism is broken, no valid bids can be placed, rendering the auction useless.

Tools Used

Manual Review

Recommendations

Add a Check in the Constructor to Ensure reservePrice ≤ startingPrice

Modify the constructor to validate input values and prevent this issue:

constructor(
    address _zenoAddress,
    address _usdcAddress,
    address _businessAddress,
    uint256 _startTime,
    uint256 _endTime,
    uint256 _startingPrice,
    uint256 _reservePrice,
    uint256 _totalAllocated,
    address _initialOwner
) Ownable(_initialOwner) {
    zeno = ZENO(_zenoAddress);
    usdc = IUSDC(_usdcAddress);
    businessAddress = _businessAddress;
    // ++ added check; the custom error InvalidReservePrice must be declared in the contract
    if (_reservePrice > _startingPrice) revert InvalidReservePrice();
    state = AuctionState({
        startTime: _startTime,
        endTime: _endTime,
        startingPrice: _startingPrice,
        reservePrice: _reservePrice,
        totalAllocated: _totalAllocated,
        totalRemaining: _totalAllocated,
        lastBidTime: 0,
        lastBidder: address(0)
    });
}
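
To see what the misconfiguration does at each point of the auction, the following added example (not part of the submission or of the audited code base) models getPrice() and the recommended constructor check in Python. It assumes the contract is compiled with Solidity 0.8 or later, where uint256 arithmetic reverts on underflow or overflow; the timestamps and prices are constructed sample values.

```python
UINT256_MAX = 2**256 - 1

class Panic(Exception):
    """Stands in for Solidity's Panic(0x11) arithmetic revert (assumed >=0.8)."""

def sub(a: int, b: int) -> int:
    if b > a:
        raise Panic("underflow")
    return a - b

def mul(a: int, b: int) -> int:
    if a * b > UINT256_MAX:
        raise Panic("overflow")
    return a * b

def get_price(now, start_time, end_time, starting_price, reserve_price):
    """Same branches and operation order as getPrice() in the submission."""
    if now < start_time:
        return starting_price
    if now >= end_time:
        return reserve_price
    drop = mul(sub(starting_price, reserve_price), sub(now, start_time))
    return sub(starting_price, drop // sub(end_time, start_time))

def validate(starting_price, reserve_price):
    """Model of the recommended constructor check."""
    if reserve_price > starting_price:
        raise ValueError("InvalidReservePrice")

def schedule(start_time, end_time, starting_price, reserve_price, times):
    """Price at each timestamp, or 'revert' where the call would panic."""
    result = {}
    for t in times:
        try:
            result[t] = get_price(t, start_time, end_time, starting_price, reserve_price)
        except Panic:
            result[t] = "revert"
    return result

# Constructed sample values: a 1000-second auction, prices in 6-decimal units.
TIMES = [900, 1000, 1500, 2000]
GOOD = schedule(1000, 2000, 100_000_000, 50_000_000, TIMES)
BAD = schedule(1000, 2000, 50_000_000, 100_000_000, TIMES)

if __name__ == "__main__":
    print("valid config:   ", GOOD)
    print("reserve > start:", BAD)
```

Under that assumption the misconfigured auction still quotes a price before startTime and from endTime onward, while every call inside the auction window reverts.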
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
