Bid Beasts
First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Misplaced Event Emission

mentemdeus

Root + Impact

Root + Impact

Description

In placeBid, the AuctionSettled event is emitted prematurely for every regular bid (before the regular bidding logic block). This event should only be emitted when the auction is actually settled (e.g., in _executeSale). This is a logic bug that could mislead users or frontends about the auction status.

// Root cause in the codebase with @> marks
require(msg.sender != previousBidder, "Already highest bidder");
@> emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);

Risk

Likelihood:

Happens every time a user places a bid (except buy-now flow).

Misleading event logs are immediately observable on-chain.

Impact:

Indexers, frontends, and off-chain services relying on events may misrepresent auction status.

Could confuse participants, showing auctions as “settled” even though they are ongoing.

Can break integrations or analytics pipelines that depend on accurate event history.

Proof of Concept

Seller lists an NFT.

Buyer places a normal bid.

Instead of BidPlaced, the contract emits AuctionSettled.

Off-chain tools show the auction as closed, even though it is still running.

Recommended Mitigation

- emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);
+ emit BidPlaced(tokenId, msg.sender, msg.value);
Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Incorrect Event Emission

placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!