The potential division-by-zero error in the `buy` function is a medium severity issue that can lead to unexpected reverts and auction disruption. Adding a check in the constructor to ensure that `endTime` is greater than `startTime` and conducting thorough audits and testing are essential to address this issue and enhance the stability and reliability of the auction. The severity of this issue is classified as medium due to the potential impact on the auction's functionality and user experience.
The `buy` function in the `Auction` contract relies on the `getPrice` function, which calculates the auction price based on the elapsed time. The calculation involves a division operation with the denominator `(state.endTime - state.startTime)`. If `state.endTime` is equal to or less than `state.startTime`, this would cause a division-by-zero error, leading to a revert. This issue can disrupt the auction process and cause unexpected failures.
Unexpected Reverts: A division-by-zero error can cause the `buy` function to revert unexpectedly, disrupting the auction process.
Auction Disruption: The issue can lead to auction disruption, affecting user participation and the overall efficiency of the auction.
Loss of Trust: Unexpected failures can lead to loss of trust in the auction platform, affecting its credibility and user participation.
Constructor Check: Add a check in the constructor to ensure that `endTime` is greater than `startTime` to prevent division-by-zero errors.
Audit and Testing: Conduct a thorough audit and testing of the contract to ensure that the time-related logic is correctly implemented and secure.
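The constructor check recommended above, sketched in Solidity as an added example (not the audited contract's code). The contract name, the price fields, the custom error and the linear price decay are assumptions; the page only gives the denominator `state.endTime - state.startTime`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only; names and pricing formula are assumptions.
contract AuctionSketch {
    struct State {
        uint256 startTime;
        uint256 endTime;
        uint256 startPrice; // assumed field: price at startTime
        uint256 endPrice;   // assumed field: price at endTime
    }

    State public state;

    // Hypothetical custom errors carrying the rejected values.
    error InvalidTimeRange(uint256 startTime, uint256 endTime);
    error InvalidPriceRange(uint256 startPrice, uint256 endPrice);

    constructor(
        uint256 startTime,
        uint256 endTime,
        uint256 startPrice,
        uint256 endPrice
    ) {
        // Recommended check: a zero-length or inverted time range is
        // rejected at deployment, so the duration is always positive.
        if (endTime <= startTime) revert InvalidTimeRange(startTime, endTime);
        // Keeps the subtraction in getPrice from underflowing.
        if (endPrice > startPrice) revert InvalidPriceRange(startPrice, endPrice);

        state = State(startTime, endTime, startPrice, endPrice);
    }

    /// Assumed linear decay from startPrice to endPrice over the auction.
    function getPrice() public view returns (uint256) {
        uint256 elapsed = block.timestamp - state.startTime;
        // Denominator named on the page; > 0 because of the constructor check.
        uint256 duration = state.endTime - state.startTime;
        if (elapsed >= duration) return state.endPrice;

        uint256 drop = ((state.startPrice - state.endPrice) * elapsed) / duration;
        return state.startPrice - drop;
    }
}
```

A deployment test that passes `endTime == startTime` and `endTime < startTime` and expects `InvalidTimeRange` covers the time-related cases the finding describes.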