The `AuctionSettled` event in `BidBeastsNFTMarketPlace::placeBid` fires prematurely, causing protocol confusion.
The AuctionSettled event in BidBeastsNFTMarketPlace::placeBid fires prematurely, causing protocol confusion.
Description: Inside the BidBeastsNFTMarketPlace::placeBid function, we can see the AuctionSettled event being called between the Buy it now and regular bidding logic:
Risk:
IMPACT: Low
While funds aren't at risk, this event firing on every bid placed will cause great confusion within the protocol. This error will mislead off-chain systems/frontends.
LIKELIHOOD: High
This will happen on every regular bid (but should NOT be happening when the auction is still live!).
Proof of Concept:
Mint and list an NFT (TOKEN_ID = 0, MIN_PRICE = 1 ether, BUY_NOW_PRICE = 5 ether).
Place a bid of 2 ether (below BUY_NOW_PRICE) as BIDDER_1.
Check logs for AuctionSettled event (emitted incorrectly) and BidPlaced event (expected).
Verify auction is still active (listing.listed == true, NFT in market).
Recommended Mitigation: Remove the code from the function:
We do not need to do anything else because the _executeSale function already triggers this event.
Lead Judging Commences
BidBeasts Marketplace: Incorrect Event Emission
placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.