Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect state updates in buy(), Auction.sol

hawks

Summary

The buy function allows users to purchase ZENO tokens in exchange for USDC. However, the function lacks a valid amount check (e.g., ensuring amount > 0) and updates state after making an external call, which poses a potential reentrancy risk.

Vulnerability Details

The function does not verify whether the amount is greater than zero. This allows users to execute a zero-amount purchase, updating state variables such as lastBidder

Issue: This condition only checks if amount is within available supply but does not prevent amount == 0

The function performs an external call (usdc_.transferFrom) before updating its internal state, which introduces a reentrancy risk if the USDC contract or an intermediary contract is malicious.

function buy(uint256 amount) external whenActive {
// @ audit missing check for valid amount
require(amount <= state.totalRemaining, "Not enough ZENO remaining");
uint256 price = getPrice();
uint256 cost = price * amount;
require(usdc_.transferFrom(msg.sender, businessAddress, cost), "Transfer failed");
// @ audit update state after external call
bidAmounts[msg.sender] += amount;
state.totalRemaining -= amount;
state.lastBidTime = block.timestamp;
state.lastBidder = msg.sender;
zeno.mint(msg.sender, amount);
emit ZENOPurchased(msg.sender, amount, price);
}

Impact

Users Can "Buy" ZENO for Free.

A malicious USDC contract could re-enter the function and modify user balances before state updates occur.

Tools Used

Manual review

Recommendations

Add a check require(amount > 0, "Invalid amount");

Update the state before external calls.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.