Off-by-One Timing Check in `buyBackNFT` Function Preventing Valid Buybacks
Summary
The buyBackNFT function in NFTLiquidator.sol uses an off-by-one timing check that incorrectly prevents valid buyback transactions when the current block timestamp is exactly equal to the auction end time.
Vulnerability Details
In the buyBackNFT function, the contract intends to allow users to repurchase liquidated NFTs before the auction period concludes. The function includes a check to ensure that the auction is still active:
This condition reverts the transaction not only when the current time is after the auction end time, but also when it is exactly equal to the auction end time. In a typical auction scenario, a buyback should be permitted if the auction is still active, which is generally defined as the current time being less than or equal to the auction end time. By using the >= operator, the contract prevents buybacks at the exact moment the auction end time is reached.
Impact
Prevented Valid Buybacks: Users attempting to repurchase NFTs exactly at the auction end time are blocked, potentially resulting in lost opportunities to recover assets.
Auction Process Disruption: The incorrect timing check may cause unexpected auction outcomes, as the boundary condition is not enforced as intended.
User Dissatisfaction: Users relying on precise auction timing may experience frustration or financial loss if they are unable to execute buybacks at the expected time.
Tools Used
Manual code review
Recommended Mitigation
-
Adjust the Timing Check: Change the conditional statement in the
buyBackNFTfunction from using>=to using a strict>operator:if (block.timestamp > data.auctionEndTime) revert AuctionHasEnded();
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.