Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: high

Invalid

Incorrect or Incomplete Test Cases in Auction & Listing Logic

omveersinghnaruka19

Test case : test__placeFirstBid

Description

Several tests in the repo were incomplete or asserting wrong behavior.

I corrected:

in test_placeSubsequentBid_RefundsPrevious, and test_placeFirstBid need addition of extra amount in bidding price as it need to be > not >=, or Original contract needs to add >= instead of > .

test_placeFirstBid → fixed by minting + listing NFT before bidding.

test_fail_listNFT_notOwner → fixed by minting + listing NFT before non-owner tries to list.
test_placeSubsequentBid_RefundsPrevious → fixed refund check by recording bidder balance before second bid.

@test_fail_listNFT_notOwner

@test_placeFirstBid

@test_placeSubsequentBid_RefundsPrevious

Risk

Likelihood:

High (these tests always fail in the original repo).

Impact:

Original tests produced false failures.
Without correction, critical logic (ownership restrictions, minimum bid acceptance, refund mechanism) wouldn’t be verified.
Fix ensures correct coverage of listing and bidding flows.

Proof of Concept

test_placeFirstBid

// Original test failed because NFT was never minted/listed

test_fail_listNFT_notOwner

// Original test tried listing without minting NFT

function test_fail_listNFT_notOwner() public {

vm.prank(BIDDER_1);

vm.expectRevert("Not the owner");

market.listNFT(TOKEN_ID, MIN_PRICE, BUY_NOW_PRICE);

}

test_placeSubsequentBid_RefundsPrevious

// Original test didn't track bidder1 balance before refund

// making the assert unreliable

Recommended Mitigation

test_placeFirstBid

+ _mintNFT();

+ _listNFT();

- market.placeBid{value: MIN_PRICE}(TOKEN_ID);

+ market.placeBid{value: MIN_PRICE + 0.00001 ether}(TOKEN_ID);

- assertEq(highestBid.amount, MIN_PRICE);

+ assertEq(highestBid.amount, MIN_PRICE + 0.00001 ether);

test_placeFirstBid

- market.placeBid{value: MIN_PRICE}(TOKEN_ID);

+ market.placeBid{value: MIN_PRICE + 0.00001 ether}(TOKEN_ID);

test_placeSubsequentBid_RefundsPrevious

- market.placeBid{value: MIN_PRICE}(TOKEN_ID);

+ market.placeBid{value: MIN_PRICE + 0.00001 ether}(TOKEN_ID);

- market.placeBid{value: secondBidAmount}(TOKEN_ID);

+ market.placeBid{value: secondBidAmount + 0.00001 ether}(TOKEN_ID);

- assertEq(BIDDER_1.balance, bidder1BalanceBefore + MIN_PRICE, "Bidder 1 was not refunded");

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!