Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

Title: Lack of Per-Wallet Cap in buy Function Leading to Centralization Risk

Summary

The lack of a per-wallet cap in the buy function is a high severity issue that can lead to centralization risk and an unfair distribution of the token. Implementing a per-wallet cap and conducting thorough audits and testing are essential to address this issue and enhance the fairness and decentralization of the auction. The severity of this issue is classified as high due to the potential impact on the auction's fairness and the risk of centralization.

Vulnerability Details

The buy function in the Auction contract does not impose a per-wallet cap on the amount of shares that can be purchased. This can lead to centralization risk, where a single entity (whale) can buy a large amount of shares, leading to an unfair distribution and potential centralization of the token. This undermines the fairness and decentralization goals of the auction.

Impact

  • Centralization Risk: A single entity (whale) can buy a large amount of shares, leading to centralization and an unfair distribution of the token.

  • Loss of Fairness: The lack of a per-wallet cap can lead to an unfair auction process, where smaller participants are unable to compete with larger entities.

  • Loss of Trust: The centralization risk can lead to loss of trust in the auction platform, affecting its credibility and user participation.

Tools Used

Recommendations

  1. Per-Wallet Cap: Implement a per-wallet cap to limit the amount of shares that can be purchased by a single wallet.

  2. Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the per-wallet cap logic is correctly implemented and secure.

    uint256 public constant MAX_PER_WALLET = 1000 * 10**18; // Example per-wallet cap
    mapping(address => uint256) public walletPurchases;

    function buy(uint256 amount) external whenActive nonReentrant {
        require(amount > 0, "Purchase amount must be greater than zero");
        require(walletPurchases[msg.sender] + amount <= MAX_PER_WALLET, "Purchase exceeds per-wallet cap");
        require(amount <= state.totalRemaining, "Not enough ZENO remaining");

        uint256 price = getPrice();
        uint256 cost = price * amount;

        // Transfer USDC from buyer to business address
        require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");

        walletPurchases[msg.sender] += amount;
        bidAmounts[msg.sender] += amount;
        state.totalRemaining -= amount;
        state.lastBidTime = block.timestamp;
        state.lastBidder = msg.sender;

        // Mint ZENO tokens to the buyer
        zeno.mint(msg.sender, amount);

        emit ZENOPurchased(msg.sender, amount, price);

        // Check if auction should end early
        if (state.totalRemaining == 0) {
            _endAuction();
        }
    }

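For the "Audit and Testing" recommendation, the following is an added example (not part of the submission or the project's code): a JavaScript reference model of the proposed cap accounting that exercises its boundary cases. The class name, helper names, the 2500 ZENO supply and the addresses "0xA" and "0xB" are assumptions made up for the example; the USDC transfer, minting and the whenActive check are left out. Because walletPurchases is keyed by msg.sender, the cap bounds each address separately, which the last two calls show.

```javascript
// Added model of the proposed buy() accounting; amounts are 18-decimal BigInt units.
const UNIT = 10n ** 18n;
const MAX_PER_WALLET = 1000n * UNIT; // same example cap as the snippet above

class AuctionModel {
  constructor(totalRemaining) {
    this.totalRemaining = totalRemaining; // mirrors state.totalRemaining
    this.walletPurchases = new Map();     // mirrors mapping(address => uint256)
  }

  purchased(wallet) {
    return this.walletPurchases.get(wallet) ?? 0n;
  }

  // Same check order as the Solidity snippet; a throw stands in for a revert,
  // so no state is written unless every check passes.
  buy(wallet, amount) {
    if (amount <= 0n) throw new Error("Purchase amount must be greater than zero");
    if (this.purchased(wallet) + amount > MAX_PER_WALLET)
      throw new Error("Purchase exceeds per-wallet cap");
    if (amount > this.totalRemaining) throw new Error("Not enough ZENO remaining");
    this.walletPurchases.set(wallet, this.purchased(wallet) + amount);
    this.totalRemaining -= amount;
  }
}

// Returns the revert reason for a buy, or null when it succeeds.
function tryBuy(auction, wallet, amount) {
  try { auction.buy(wallet, amount); return null; }
  catch (e) { return e.message; }
}

// Constructed scenario: 2500 ZENO on sale, two placeholder addresses.
function runScenario() {
  const a = new AuctionModel(2500n * UNIT);
  const results = [
    tryBuy(a, "0xA", 600n * UNIT),  // under the cap
    tryBuy(a, "0xA", 400n * UNIT),  // cumulative total lands exactly on the cap
    tryBuy(a, "0xA", 1n),           // one base unit over the cap: rejected
    tryBuy(a, "0xB", 1000n * UNIT), // a different address has its own allowance
    tryBuy(a, "0xB", 1n),           // and is then capped in the same way
  ];
  return { results, remaining: a.totalRemaining, boughtA: a.purchased("0xA") };
}
```
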
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xtonchi Submitter
3 months ago
inallhonesty Lead Judge
3 months ago
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
