Incorrect Handling of Edge Cases in Auction Active Period Modifier
Summary
The whenActive modifier uses strict inequality operators that exclude the boundary timestamps, potentially disallowing valid auction participation at the exact start or end times.
Vulnerability Details
The modifier is defined as follows:
Using the > operator for the start time means that if block.timestamp is exactly equal to state.startTime, the condition fails and the auction is not considered active—even though the design intent may be to allow bidding starting at state.startTime. Similarly, using < for the end time excludes the moment when block.timestamp equals state.endTime, even though that timestamp should be considered part of the active auction period.
Impact
Excluding the exact start and end times from the active period may prevent users from placing bids at the very beginning and very end of the auction. This could reduce participation and introduce discrepancies between the intended auction behavior and its actual operation.
Tools Used
Manual Review
Recommended Mitigation
Update the modifier to include the boundary timestamps by changing the conditions as follows:
This change ensures that the auction is active from the start time (inclusive) through the end time (inclusive).
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.