Documentation / Implementation Mismatch: endAuction vs settleAuction
Root + Impact
Description
The documentation specifies that auctions should be finalized through a function named endAuction(tokenId).
However, the actual implementation uses a function named settleAuction(tokenId) with equivalent logic.
This naming discrepancy can cause confusion for integrators, auditors, and users relying on the documentation.
Developers expecting endAuction will not find the function in the codebase, leading to incorrect assumptions about functionality.
Risk
Likelihood:
-
Occurs whenever developers or auditors reference the documentation to interact with or review the contract.
-
Likely to affect integration tests, dApp frontends, or audits that expect an
endAuctionfunction.
Impact:
-
Documentation-driven users may fail to finalize auctions if they call a non-existent function.
-
Causes trust and usability issues, though no direct financial loss occurs.
Proof of Concept
A developer following the documentation would attempt:
This will fail since no such function exists in the contract.
The correct call is:
Recommended Mitigation
Update documentation to match the actual implementation:
Lead Judging Commences
BidBeasts Marketplace: Improper Documentation
Documentation for BidBeasts Marketplace is incomplete or inaccurate, potentially leading to misconfigurations or security misunderstandings.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.