Divide before multiply
Root + Impact
Description
-
When calculating the minimum required next bid in
placeBid, the code performs integer division before multiplication. -
Because solidity integer division truncates toward zero, this expression can under-estimate the required amount whenever
previousBidAmountis not a multiple of 100.
Risk
Likelihood:
-
Whenever a bid amount is less than
100(or not a clean multiple of100), the calculation will truncate the remainder and lower the required next bid. -
Attackers can deliberately craft bids to exploit this rounding to gain a price advantage.
Impact:
-
Sellers receive less than the configured minimum increment.
-
Auction integrity is compromised and bidding rules can be bypassed.
Proof of Concept
Deploy the contract and list an NFT with
S_MIN_BID_INCREMENT_PERCENTAGE = 5.Place a first bid of
99 wei.The next required bid is computed as `(99 / 100) * 105 = 0`
Any user can now bid 0 wei and become the highest bidder, violating the intended minimum increment rule.
Recommended Mitigation
Multiply before dividing to preserve precision:
Lead Judging Commences
BidBeasts Marketplace: Integer Division Precision Loss
Integer division in requiredAmount truncates fractions, allowing bids slightly lower than intended.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.