Incorrect Bid Validation in `placeBid` Function of NFTLiquidator.sol
Summary
The placeBid function in the NFTLiquidator.sol contract contains a logical error in the bid validation process. The bidder is required to provide more than the minBidAmount to successfully place a bid, but the current condition checks for a bid amount that is insufficient.
Vulnerability Details
The vulnerability exists in the placeBid function, where the check to validate if the bidder has provided sufficient funds is incorrect. The function calculates the minBidAmount as the previous highest bid plus the minimum increase percentage. However, the condition if (msg.value <= minBidAmount) incorrectly prohibits the bidder to place a bid with an amount equal to the minBidAmount, rather than allowing him to bid the minBidAmount.
This results in the bidder not being able to place a bid that is equal to the minimum required bid, which is not the intended behavior. The correct behavior should allow the bid amount to be equal to minBidAmount.
Impact
The vulnerability leads to an auction process where bidders aren't allowed to place bids equal to minBidAmount but are forced to place bids that are slightly higher than that.
Tools Used
Manual code review
Recommended Mitigation
To resolve this issue, update the bid validation logic to enforce that the bid amount is greater or equal to minBidAmount. The condition should be changed to:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.