Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Off‐by‐One Error in Auction End Time Check

Summary

The checkAuctionEnded() function uses a boundary condition that may prematurely mark the auction as ended, resulting in an off‐by‐one error.

Vulnerability Details

The function includes the following check:

require(block.timestamp >= state.endTime, "Auction not ended");

This condition implies that as soon as the block timestamp equals the auction’s endTime, the auction is considered ended. However, the endTime should represent the last timestamp during which users are allowed to participate in the auction. In other words, bids should be accepted if the current time is exactly equal to endTime. By using the >= operator, the contract may treat the auction as ended at the exact moment of endTime, which could prevent valid bids during the final second.

Impact

If the auction ends too early, users may be unable to submit bids during the final allowable moment, potentially leading to reduced participation or disputes over auction outcomes. This could harm the fairness of the auction process and negatively impact the protocol’s reputation.

Tools Used

Manual Review

Recommended Mitigation

Adjust the condition in the checkAuctionEnded() function to ensure that bids can be accepted at exactly endTime. For example, change the condition to:

require(block.timestamp > state.endTime, "Auction not ended");

This modification ensures that the auction is considered active until the timestamp is strictly greater than endTime.
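Whether either operator is off by one depends on how the bid-side time check is written, which this page does not show. The following is an added example, not code from the submission or the project: it models the two end-side conditions quoted above against two hypothetical bid-side conditions (`exclusive` and `inclusive` are assumed names) and reports what happens at exactly endTime.

```javascript
// Added example: a model of the endTime boundary, not the contract's code.
// End-side conditions are the two shown on the page; bid-side conditions
// are assumptions, because the page does not show the bid function.

const endChecks = {
  current: (now, endTime) => now >= endTime,  // require(block.timestamp >= state.endTime)
  proposed: (now, endTime) => now > endTime,  // require(block.timestamp > state.endTime)
};

// Hypothetical bid-side time checks.
const bidChecks = {
  exclusive: (now, endTime) => now < endTime,   // last valid bid at endTime - 1
  inclusive: (now, endTime) => now <= endTime,  // last valid bid at endTime
};

// Classify each timestamp in [endTime - 1, endTime + 1].
// "overlap": a bid and the ended check both pass in the same second.
// "gap": neither passes, so the auction is stuck for that second.
function classifyBoundary(bidOpen, ended, endTime) {
  const result = {};
  for (let now = endTime - 1n; now <= endTime + 1n; now++) {
    const b = bidOpen(now, endTime);
    const e = ended(now, endTime);
    const label = b && e ? "overlap" : !b && !e ? "gap" : b ? "bidding" : "ended";
    result[String(now - endTime)] = label; // key is the offset from endTime
  }
  return result;
}

// One row per (bid check, end check) pair, showing the state at endTime.
function boundaryMatrix(endTime) {
  const rows = [];
  for (const [bidName, bid] of Object.entries(bidChecks)) {
    for (const [endName, end] of Object.entries(endChecks)) {
      const atEndTime = classifyBoundary(bid, end, endTime)["0"];
      rows.push({ bid: bidName, end: endName, atEndTime });
    }
  }
  return rows;
}

const END_TIME = 1_700_000_000n; // constructed sample timestamp
console.table(boundaryMatrix(END_TIME));
```

A pair is consistent only when every timestamp is classified as exactly one of "bidding" or "ended"; the same scan can be turned into a Hardhat test by setting the next block timestamp to endTime - 1, endTime and endTime + 1.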

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
