Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Valid

Auction can run indefinitely

The market does not enforce an overall deadline on auctions, so an auction can run indefinitely

Description

  • According to the docs provided, each auction is meant to run for at most 3 days.

  • However, the market never enforces that three-day limit. placeBid does check that the current auctionEnd has not passed, but every bid placed with fewer than 15 minutes remaining pushes auctionEnd back by a further 15 minutes. Because the extension is added to the previous auctionEnd and is not bounded by any maximum duration, bidders who keep bidding near the deadline can extend the auction past the documented three-day limit for as long as they like.

    if (timeLeft < S_AUCTION_EXTENSION_DURATION) {
@>      listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;
        emit AuctionExtended(tokenId, listing.auctionEnd);
    }

Risk

Likelihood:

  • Whenever a bid arrives close to the deadline, timeLeft is less than 15 minutes, so the condition above passes and auctionEnd is extended by another 15 minutes. Bidders who keep outbidding each other inside that final window can repeat this indefinitely, so the auction never closes.

Impact:

  • Medium at most: sellers cannot rely on the documented three-day bound, which undermines trust in the market. In practice the impact is low, because the seller can always accept the highest bid rather than wait for the auction to close.

Proof of Concept

function test_auctionForever() public {
    address user1 = makeAddr("user");
    address user2 = makeAddr("hacker");
    address user3 = makeAddr("user3");
    address user4 = makeAddr("user4");
    vm.deal(user1, 1e18);
    vm.deal(user2, 1e18);
    vm.deal(user3, 1e18);
    vm.deal(user4, 1e18);

    // Seller lists the token with a 0.02 ether minimum and a 1 ether buy-now price.
    address seller = makeAddr("seller");
    vm.prank(OWNER);
    uint256 tokenId = nft.mint(seller);
    vm.prank(seller);
    nft.approve(address(market), tokenId);
    vm.prank(seller);
    market.listNFT(tokenId, 0.02 ether, 1 ether);

    // The first valid bid starts the auction timer.
    vm.prank(user1);
    market.placeBid{value: 0.03 ether}(tokenId);

    // Every following bid lands with fewer than 15 minutes left,
    // so placeBid pushes auctionEnd out by another 15 minutes each time.
    vm.warp(block.timestamp + 14 minutes);
    vm.prank(user2);
    market.placeBid{value: 0.04 ether}(tokenId);
    vm.warp(block.timestamp + 14 minutes);
    vm.prank(user3);
    market.placeBid{value: 0.05 ether}(tokenId);
    vm.warp(block.timestamp + 14 minutes);
    vm.prank(user4);
    market.placeBid{value: 0.06 ether}(tokenId);
    // ... and so on: as long as a new bid arrives inside the final 15 minutes,
    // the deadline keeps moving and the auction never closes.
}

Recommended Mitigation

Ensure that every call to placeBid still falls within the three-day limit. Record the time at which the auction started alongside auctionEnd; the real time remaining can then be measured against a fixed deadline instead of against the repeatedly extended auctionEnd.

  struct Listing {
      address seller;
      uint256 minPrice;
      uint256 buyNowPrice;
+     uint256 auctionStart;
      uint256 auctionEnd;
      bool listed;
  }

Set the start time when the token is listed in listNFT:

  listings[tokenId] = Listing({
      seller: msg.sender,
      minPrice: _minPrice,
      buyNowPrice: _buyNowPrice,
+     auctionStart: block.timestamp,
      auctionEnd: 0, // Timer starts only after the first valid bid.
      listed: true
  });

Then check the deadline on every placeBid call. One caveat: the snippet above records auctionStart at listing time, while the bidding timer only starts with the first valid bid (see the comment on auctionEnd). A token that sits listed for more than three days before anyone bids would then be impossible to bid on. If that is not acceptable, set auctionStart when the first bid arrives instead, or cap the extension so that auctionEnd can never exceed auctionStart + 3 days.

  function placeBid(uint256 tokenId) external payable isListed(tokenId) {
      Listing storage listing = listings[tokenId];
+     require(block.timestamp < listing.auctionStart + 3 days, "auction exceeded 3-day limit");
      // ... existing bid validation and extension logic unchanged ...
  }

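The following stand-alone contract is an added example written for this report; it is not the BidBeasts code. It shows the capped-extension variant of the mitigation: the 15-minute anti-sniping extension is kept, but the soft deadline is clamped to a hard deadline of three days after the first bid, so late bids can no longer extend the auction forever. The contract and function names (HardDeadlineAuction, list, timeLeft), the 15-minute initial window, and the pull-payment refund scheme are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Stand-alone illustration, not the BidBeasts contract: a bid-triggered auction
/// whose anti-sniping extension can never push the deadline past a hard cap of
/// MAX_DURATION after the first bid. Names and constants are assumptions.
contract HardDeadlineAuction {
    uint256 public constant INITIAL_WINDOW = 15 minutes; // timer opened by the first bid (assumed)
    uint256 public constant EXTENSION = 15 minutes;      // added when a bid lands in the last 15 minutes
    uint256 public constant MAX_DURATION = 3 days;       // documented upper bound on any auction

    struct Listing {
        address seller;
        uint256 minPrice;
        uint256 auctionStart;  // timestamp of the first valid bid; anchors the hard cap
        uint256 auctionEnd;    // soft deadline, moved by extensions, never beyond the cap
        address highestBidder;
        uint256 highestBid;
        bool listed;
    }

    mapping(uint256 => Listing) public listings;
    mapping(address => uint256) public pendingReturns; // pull-payment refunds for outbid bidders

    event AuctionExtended(uint256 indexed tokenId, uint256 newEnd);

    error NotListed();
    error AuctionEnded();
    error BidTooLow();

    function list(uint256 tokenId, uint256 minPrice) external {
        listings[tokenId] = Listing(msg.sender, minPrice, 0, 0, address(0), 0, true);
    }

    function placeBid(uint256 tokenId) external payable {
        Listing storage l = listings[tokenId];
        if (!l.listed) revert NotListed();

        if (l.auctionEnd == 0) {
            // First valid bid: fix the anchor for the hard cap and open the soft window.
            l.auctionStart = block.timestamp;
            l.auctionEnd = block.timestamp + INITIAL_WINDOW;
        } else {
            if (block.timestamp >= l.auctionEnd) revert AuctionEnded();
            uint256 hardDeadline = l.auctionStart + MAX_DURATION;
            // The unbounded version would do: l.auctionEnd += EXTENSION.
            // Here the extension is clamped so auctionEnd never passes hardDeadline;
            // once it reaches hardDeadline, no further bid can extend it.
            if (l.auctionEnd - block.timestamp < EXTENSION && l.auctionEnd < hardDeadline) {
                uint256 extended = l.auctionEnd + EXTENSION;
                l.auctionEnd = extended > hardDeadline ? hardDeadline : extended;
                emit AuctionExtended(tokenId, l.auctionEnd);
            }
        }

        if (msg.value < l.minPrice || msg.value <= l.highestBid) revert BidTooLow();

        // Checks-effects-interactions: record the refund instead of pushing ETH here.
        if (l.highestBidder != address(0)) {
            pendingReturns[l.highestBidder] += l.highestBid;
        }
        l.highestBidder = msg.sender;
        l.highestBid = msg.value;
    }

    /// Outbid bidders pull their refund; state is zeroed before the transfer.
    function withdraw() external {
        uint256 amount = pendingReturns[msg.sender];
        pendingReturns[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund transfer failed");
    }

    /// Seconds until the auction closes; 0 before the first bid or once it has ended.
    function timeLeft(uint256 tokenId) external view returns (uint256) {
        Listing storage l = listings[tokenId];
        if (l.auctionEnd == 0 || block.timestamp >= l.auctionEnd) return 0;
        return l.auctionEnd - block.timestamp;
    }
}
```

Anchoring the cap at the first bid rather than at listing time avoids the problem of a token that sits listed for days becoming unbiddable, and clamping inside the extension branch means the existing "has the auction ended" check is the only deadline check placeBid needs. A Foundry test for this contract would follow the same shape as the proof of concept above: warp 14 minutes between bids and assert that, once block.timestamp passes auctionStart + 3 days, the next placeBid reverts with AuctionEnded.
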
Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Improper Documentation

Documentation for BidBeasts Marketplace is incomplete or inaccurate, potentially leading to misconfigurations or security misunderstandings.
