Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Title: Lack of Protection Against Flash Loan Attacks in buy Function

Summary

The buy function has no protection against flash loan attacks, which can lead to price manipulation, financial loss, and loss of trust in the auction platform. Implementing a minimum time gap between bids, together with thorough auditing and testing, is essential to address this issue and improve the security and stability of the auction. The issue is classified as high severity because of its potential impact on price stability and the risk of financial loss.

Vulnerability Details

The buy function in the Auction contract does not have any protection against flash loan attacks. Attackers can use flash loans to buy large amounts of ZENO tokens and then dump them, disrupting price stability and potentially causing significant financial loss to other participants. This can undermine the integrity and stability of the auction process.

Impact

  • Price Manipulation: Attackers can use flash loans to manipulate the price of ZENO tokens, causing significant price volatility and instability.

  • Financial Loss: Other participants may suffer financial loss due to the price manipulation caused by flash loan attacks.

  • Loss of Trust: The lack of protection against flash loan attacks can lead to loss of trust in the auction platform, affecting its credibility and user participation.

Tools Used

Recommendations

  1. Minimum Time Gap: Implement a minimum time gap between bids using block.timestamp to prevent flash loan attacks.

  2. Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the protection mechanisms are correctly implemented and secure.

uint256 public constant MIN_TIME_GAP = 1 minutes; // Example minimum time gap
mapping(address => uint256) public lastBidTime;   // Timestamp of each buyer's last purchase

function buy(uint256 amount) external whenActive nonReentrant {
    require(amount > 0, "Purchase amount must be greater than zero");
    // Enforce the per-address cooldown between purchases
    require(block.timestamp >= lastBidTime[msg.sender] + MIN_TIME_GAP, "Minimum time gap between bids not met");
    require(amount <= state.totalRemaining, "Not enough ZENO remaining");

    uint256 price = getPrice();
    uint256 cost = price * amount;

    // Transfer USDC from buyer to business address
    require(usdc.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");

    // Record the purchase and update auction state before minting
    lastBidTime[msg.sender] = block.timestamp;
    bidAmounts[msg.sender] += amount;
    state.totalRemaining -= amount;
    state.lastBidTime = block.timestamp;
    state.lastBidder = msg.sender;

    // Mint ZENO tokens to the buyer
    zeno.mint(msg.sender, amount);
    emit ZENOPurchased(msg.sender, amount, price);

    // Check if auction should end early
    if (state.totalRemaining == 0) {
        _endAuction();
    }
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Appeal created

0xtonchi Submitter 3 months ago

inallhonesty Lead Judge 3 months ago
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
