Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Auction Extension Logic Bug: Incorrect Time Calculation

rbd3

Root + Impact

Description

The auction extension mechanism in placeBid() contains a logic error that creates longer auction durations than intended by adding extension time to the original auction end instead of the current timestamp.
When a bid is placed within the last 15 minutes of an auction, the code should extend the auction by 15 minutes from the current time. However, the implementation incorrectly adds 15 minutes to the original auction end time.

uint256 timeLeft = listing.auctionEnd - block.timestamp;

if (timeLeft <= S_AUCTION_EXTENSION_DURATION) {

@> listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;

emit AuctionExtended(nftId, listing.auctionEnd);

}

Risk

Impact:

Longer Auctions Than Intended: Creates auctions that run longer than the expected duration
User Confusion: Auction end times become unpredictable

Proof of Concept

This means when someone bids 5 minutes before auction end, instead of getting 15 minutes remaining, they get 20 minutes remaining.

function test_auctionExtension_AddsMoreTimeThanIntended() public {

_mintNFT();

_listNFT();

// Place first bid to start 15-minute timer

uint256 firstBidAmount = MIN_PRICE + 0.1 ether;

vm.prank(BIDDER_1);

market.placeBid{value: firstBidAmount}(TOKEN_ID);

uint256 initialAuctionEnd = market.getListing(TOKEN_ID).auctionEnd;

// Fast forward to 5 minutes before auction ends (within extension window)

uint256 timeNearEnd = initialAuctionEnd - 5 minutes;

vm.warp(timeNearEnd);

// Place second bid to trigger extension

uint256 secondBidAmount = firstBidAmount * 120 / 100;

vm.prank(BIDDER_2);

market.placeBid{value: secondBidAmount}(TOKEN_ID);

uint256 newAuctionEnd = market.getListing(TOKEN_ID).auctionEnd;

//Calculate what should happen vs what actually happens

uint256 correctExtension = timeNearEnd + 15 minutes; // Should extend from current time

uint256 buggyExtension = initialAuctionEnd + 15 minutes; // Actually extends from original end

assertEq(newAuctionEnd, buggyExtension, "BUG: Extension adds to original end time");

assertTrue(newAuctionEnd != correctExtension, "BUG: Extension should be from current time");

// Calculate how much extra time this creates

uint256 extraTime = newAuctionEnd - correctExtension;

// In this scenario, bug creates 5 minutes of extra time

assertEq(extraTime, 5 minutes, "BUG: Creates 5 minutes of unintended extra time");

}

Recommended Mitigation

Replace:

- listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;

+ listing.auctionEnd = block.timestamp + S_AUCTION_EXTENSION_DURATION;

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BidBeast Marketplace: Auction Duration Miscalculation

BidBeast marketplace contains a flaw in its auction timing mechanism. This causes the contract to miscalculate the actual end time of an auction, resulting in auctions that either conclude prematurely or run longer than specified.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!