Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: medium
Valid

[H-2] Integer truncation issue in initial bid/increment calculation (incorrect minimum increment calculation)

Root + Impact

Description

  • Normally, a new bid must be at least greater than the previous bid by a minimum increment (e.g., 5%) to ensure the auction progresses fairly.

  • In the current implementation, the calculation of requiredAmount divides by 100 first and only then multiplies, so the fractional part (the remainder of previousBidAmount modulo 100) is discarded. This underestimates the required increment and, for some amounts, produces a required bid that is lower than the previous bid.

// Root cause in the codebase with @> marks to highlight the relevant section
// in placeBid()
@> requiredAmount = (previousBidAmount / 100) * (100 + S_MIN_BID_INCREMENT_PERCENTAGE); // ❌ truncation bug

Risk

Likelihood:

  • This will occur whenever the bid amount is not an exact multiple of 100.

  • It is particularly problematic in low-value auctions or odd amounts such as 101 wei or 999 wei.

Impact:

  • Lower bid threshold — Attackers or users may exploit truncation to place bids with less than the intended increment, bypassing fair bidding logic.

  • Distorted auction outcome — The final settlement price may be lower than fair market value, directly causing economic loss for sellers.

Proof of Concept

Example: Current highest bid = 101 wei, minimum increment = 5%.

  • Expected correct calculation: At least 106 wei is required (+5%).

  • Current implementation: (101 / 100) * 105 = 105, allowing only 105 wei, which is below the intended threshold.

// Setup: previous bid = 101, min increment = 5%
// Expected: 106
uint256 requiredAmount_buggy = (101 / 100) * 105;
// result: 105 (too low)
// Correct with ceil division:
uint256 requiredAmount_fixed = (101 * 105 + 99) / 100;
// result: 107 (safe, ensures >= 5% increment)
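The following is an added example, not code from the BidBeasts project: a Python model of the uint256 arithmetic that evaluates both formulas, checks them against an exact rational ceiling, and scans a whole range of previous bids to count how often the buggy requirement falls below the true threshold or even below the bid it is supposed to beat. It assumes the 5% value for S_MIN_BID_INCREMENT_PERCENTAGE used in the PoC.

```python
from fractions import Fraction
import math

UINT256_MAX = 2**256 - 1
MIN_BID_INCREMENT_PERCENTAGE = 5  # assumed value of S_MIN_BID_INCREMENT_PERCENTAGE

def _checked(x: int) -> int:
    """Emulate Solidity >=0.8 checked uint256 arithmetic: out of range reverts."""
    if x < 0 or x > UINT256_MAX:
        raise OverflowError("uint256 overflow: the transaction would revert")
    return x

def required_buggy(previous_bid: int, pct: int = MIN_BID_INCREMENT_PERCENTAGE) -> int:
    """Vulnerable formula: divide first, so previous_bid % 100 is discarded."""
    return _checked((previous_bid // 100) * (100 + pct))

def required_fixed(previous_bid: int, pct: int = MIN_BID_INCREMENT_PERCENTAGE) -> int:
    """Mitigated formula: multiply first, then ceiling-divide by 100."""
    return _checked((previous_bid * (100 + pct) + 99) // 100)

def exact_minimum(previous_bid: int, pct: int = MIN_BID_INCREMENT_PERCENTAGE) -> int:
    """Reference value from exact rationals: ceil(previous * (100 + pct) / 100)."""
    return math.ceil(Fraction(previous_bid * (100 + pct), 100))

def audit_range(max_bid: int, pct: int = MIN_BID_INCREMENT_PERCENTAGE) -> dict:
    """Measure the buggy formula against the exact threshold for every bid in [1, max_bid]."""
    under_threshold = 0   # buggy requirement is below the true +pct% minimum
    below_previous = 0    # buggy requirement is lower than the bid it must beat
    worst_shortfall = 0   # largest gap (wei) between exact minimum and buggy value
    for prev in range(1, max_bid + 1):
        buggy, exact = required_buggy(prev, pct), exact_minimum(prev, pct)
        if buggy < exact:
            under_threshold += 1
            worst_shortfall = max(worst_shortfall, exact - buggy)
        if buggy < prev:
            below_previous += 1
        # The mitigation must reproduce the exact ceiling for every input.
        assert required_fixed(prev, pct) == exact
    return {"under_threshold": under_threshold,
            "below_previous": below_previous,
            "worst_shortfall": worst_shortfall}

if __name__ == "__main__":
    for prev in (99, 101, 999, 1000):
        print(prev, required_buggy(prev), required_fixed(prev))
    print(audit_range(1000))
```

For previous bids below 100 wei the buggy formula yields 0, and for 999 wei it yields 945, both lower than the bid being outbid.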

Recommended Mitigation

Fix the calculation by using multiply first, then divide with ceiling to prevent truncation and guarantee the minimum increment is always met:

- requiredAmount = (previousBidAmount / 100) * (100 + S_MIN_BID_INCREMENT_PERCENTAGE);
+ requiredAmount =
+ (previousBidAmount * (100 + S_MIN_BID_INCREMENT_PERCENTAGE) + 99) / 100;
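Review bot: the `+ 99` in the added line is a ceiling-division idiom that is only correct because the divisor is the literal `100`; if the percentage base is ever made configurable, the general form `(x + divisor - 1) / divisor` should be used instead. Multiplying first also means `previousBidAmount * (100 + S_MIN_BID_INCREMENT_PERCENTAGE)` can exceed the uint256 range for astronomically large bids; under Solidity 0.8 checked arithmetic that reverts rather than wraps, which is the safe failure mode, but it deserves a comment next to the expression.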

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Integer Division Precision Loss

Integer division in requiredAmount truncates fractions, allowing bids slightly lower than intended.
