Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

[Medium] Minimum Price Bidding Logic Error

0xhsn

[Medium] Minimum Price Bidding Logic Error

Description

The placeBid function in the BidBeastsNFTMarket contract contains an incorrect comparison operator for first bid validation. The current logic requires the first bid to be strictly greater than the minimum price, preventing users from placing valid bids exactly at the minimum price threshold.

// BidBeastsNFTMarketPlace.sol:154

if (previousBidAmount == 0) {

requiredAmount = listing.minPrice;

@> require(msg.value > requiredAmount, "First bid must be > min price"); //AUDIT:: should have a equal sign

listing.auctionEnd = block.timestamp + S_AUCTION_EXTENSION_DURATION;

emit AuctionExtended(tokenId, listing.auctionEnd);

}

Risk

Likelihood:

Users attempting to bid exactly at the minimum price will have their transactions reverted
This affects all first bids on any NFT listing
The issue is deterministic and will occur every time someone tries to bid at minimum price
Common user behaviour to start bidding at the advertised minimum price

Impact:

Reduced user experience due to unexpected transaction failures
Users must bid higher than the intended minimum price, increasing costs
Potential confusion about actual minimum bidding requirements
Gas waste from reverted transactions
Inconsistent behaviour compared to standard auction mechanics

Proof of Concept

function test_wrong_MIN_VAL() public {

_mintNFT();

_listNFT();

vm.prank(BIDDER_1);

vm.expectRevert("First bid must be > min price");

market.placeBid{value: MIN_PRICE}(TOKEN_ID);

vm.stopPrank();

}

This test demonstrates that a bid placed exactly at MIN_PRICE (which should be valid) gets reverted due to the strict greater-than comparison.

Recommended Mitigation

if (previousBidAmount == 0) {

requiredAmount = listing.minPrice;

- require(msg.value > requiredAmount, "First bid must be > min price");

+ require(msg.value >= requiredAmount, "First bid must be >= min price");

listing.auctionEnd = block.timestamp + S_AUCTION_EXTENSION_DURATION;

emit AuctionExtended(tokenId, listing.auctionEnd);

}

This change enables users to place valid first bids at the exact minimum price, aligning with standard auction expectations and the intended behaviour of the minimum price parameter.

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BidBeasts Marketplace: First Bid > Instead of >=

First bid validation uses > instead of >=, preventing valid starting bids.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!