Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Missing auction completion validation in checkAuctionEnded, Auction.sol

Summary

The checkAuctionEnded function is responsible for verifying if the auction has ended. However, the current implementation does not properly track the auction’s completion, which can lead to unintended behavior.

Vulnerability Details

Lack of a completion flag: The function does not track whether the auction has already been finalized, allowing multiple calls and redundant event emissions.

Potential re-entrancy risks: If other contract logic depends on the auction ending status, an attacker could attempt to exploit the lack of a clear termination state.

function checkAuctionEnded() external {
    require(block.timestamp >= state.endTime, "Auction not ended");
    emit AuctionEnded(getPrice());
}

Impact

The auction may never officially end within the contract logic, leading to incorrect function behavior.

The AuctionEnded event could be emitted multiple times, causing confusion for off-chain systems tracking the auction.

External functions that rely on the auction’s finality may fail to execute correctly.
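
An off-chain consumer can guard against the repeated AuctionEnded emissions described above by handling the event idempotently. The following JavaScript is an added example, not code from the submission or the project; the decoded-log shape, the name reconcileAuctionEnded and the "earliest event wins" policy are assumptions.

```javascript
// Added example: idempotent off-chain handling of repeated AuctionEnded logs.
// The log shape (address, blockNumber, logIndex, price) is a simplified,
// constructed stand-in for decoded event logs, not the project's indexer.

// Order logs the way the chain ordered them, regardless of arrival order.
function chainOrder(a, b) {
  return a.blockNumber - b.blockNumber || a.logIndex - b.logIndex;
}

// Returns { ended: Map<address, log>, repeats: log[] }.
// Policy (an assumption): the earliest AuctionEnded per auction contract is
// authoritative; later ones are reported instead of being processed again.
function reconcileAuctionEnded(logs) {
  const ended = new Map();
  const repeats = [];
  const seen = new Set();
  for (const log of [...logs].sort(chainOrder)) {
    const id = `${log.blockNumber}:${log.logIndex}`;
    if (seen.has(id)) continue; // same log delivered twice by the provider
    seen.add(id);
    const key = log.address.toLowerCase(); // addresses may differ in case
    if (ended.has(key)) {
      repeats.push({ ...log, firstPrice: ended.get(key).price });
    } else {
      ended.set(key, log);
    }
  }
  return { ended, repeats };
}

// Constructed sample data: two auction contracts, out-of-order delivery,
// one redelivered log, and two later repeat emissions for auction A.
const AUCTION_A = "0x" + "a1".repeat(20);
const AUCTION_B = "0x" + "b2".repeat(20);
const sampleLogs = [
  { address: AUCTION_A, blockNumber: 120, logIndex: 3, price: "900" },
  { address: AUCTION_A, blockNumber: 100, logIndex: 1, price: "900" },
  { address: AUCTION_A, blockNumber: 100, logIndex: 1, price: "900" },
  { address: AUCTION_B, blockNumber: 110, logIndex: 0, price: "500" },
  { address: "0x" + "A1".repeat(20), blockNumber: 130, logIndex: 0, price: "900" },
];

const result = reconcileAuctionEnded(sampleLogs);
console.log("finalized auctions:", result.ended.size);
console.log("repeat emissions:", result.repeats.length);
```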

Tools Used

Manual review

Recommendations

To properly finalize the auction and prevent multiple calls to checkAuctionEnded(), introduce a boolean flag auctionEnded.

bool public auctionEnded = false;

function checkAuctionEnded() external {
    require(block.timestamp >= state.endTime, "Auction not ended");
    require(!auctionEnded, "Auction already finalized"); // Reject repeat calls
    auctionEnded = true; // Mark auction as finalized
    emit AuctionEnded(getPrice());
}

Updates

Lead Judging Commences

inallhonesty Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
