Core Contracts

Summary

The incorrect pricing logic in the getPrice function is a medium severity issue that can lead to potential overpayment or underpayment by buyers and inaccurate pricing in the auction. Using fixed-point math to ensure accurate price calculations and conducting thorough audits and testing are essential to address this issue and enhance the fairness and efficiency of the auction. The severity of this issue is classified as medium due to the potential financial impact and the importance of accurate pricing in the auction.

Vulnerability Details

The getPrice function in the Auction contract contains a Dutch auction price formula that does not properly round the price or account for integer division rounding errors. This can cause an incorrect final price that does not match the expected price curve, leading to buyers potentially overpaying or underpaying based on incorrect calculations. The function should use fixed-point math to ensure accurate price calculations.

Impact

• Overpayment or Underpayment: Buyers may overpay or underpay based on incorrect price calculations, leading to potential financial loss or unfair advantage.

• Inaccurate Pricing: The incorrect price calculations can lead to inaccurate pricing, affecting the overall fairness and efficiency of the auction.

Tools Used

manual review

Recommendations

1. Fixed-Point Math: Use fixed-point math (like wadDiv in OpenZeppelin SafeMath) to ensure accurate price calculations and proper rounding.

2. Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the price calculation logic is correctly implemented and secure.