Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: high

Invalid

`BidBeastsNFTMarket` contract does not provide a `minimum bid amount`.

minos

`BidBeastsNFTMarket` contract does not provide a `minimum bid amount`.

Description

Under normal circumstances, when a buyer places a bid, they will consider the price appropriately, and the price must be higher than the previous bid amount.
However, buyers cannot accurately estimate the minimum bid amount and must manually fill in an amount. This may result in the buyer paying an amount greater than their true psychological amount.
BidBeastsNFTMarketPlace.sol is as follows:

function placeBid(uint256 tokenId) external payable isListed(tokenId) {

// ...Original code

if (previousBidAmount == 0) {

requiredAmount = listing.minPrice;

require(msg.value > requiredAmount, "First bid must be > min price");

listing.auctionEnd = block.timestamp + S_AUCTION_EXTENSION_DURATION;

emit AuctionExtended(tokenId, listing.auctionEnd);

} else {

@> requiredAmount = (previousBidAmount / 100) * (100 + S_MIN_BID_INCREMENT_PERCENTAGE);

require(msg.value >= requiredAmount, "Bid not high enough");

uint256 timeLeft = 0;

if (listing.auctionEnd > block.timestamp) {

timeLeft = listing.auctionEnd - block.timestamp;

}

if (timeLeft < S_AUCTION_EXTENSION_DURATION) {

listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;

emit AuctionExtended(tokenId, listing.auctionEnd);

}

// ...Original code

}

Risk

Likelihood:

Every time a buyer places a bid, they face the issue of whether the amount they fill in is their true psychological amount.
Impact:
Although there is no fund loss, the process of filling in the amount each time may make the buyer feel uneasy about their bid. This could discourage buyers from bidding.

Proof of Concept

None

Recommended Mitigation

Similar to the slippage concept in the DeFi field, add an automatically use minimum bid parameter to placeBid.
Automatically help users fill in the minimum bid amount and refund any excess payment.

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!

Bid Beasts

`BidBeastsNFTMarket` contract does not provide a `minimum bid amount`.

BidBeastsNFTMarket contract does not provide a minimum bid amount.

Description

Risk

Proof of Concept

Recommended Mitigation

Lead Judging Commences

Rewards breakdown

Live

Judging

Appeals

Appeals Review

Rewards Distribution

FAQs

`BidBeastsNFTMarket` contract does not provide a `minimum bid amount`.