Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Incorrect Event Emission in `placeBid`

ambitiousdydx

Description

Events like AuctionSettled are meant to signal the completion of an auction, including the final winner, seller, and price, to allow off-chain applications to accurately track and react to auction outcomes.
In the placeBid function, the AuctionSettled event is emitted prematurely in the regular bidding logic path, before any actual settlement occurs, which can confuse event listeners and lead to incorrect assumptions about the auction's status.

require(msg.sender != previousBidder, "Already highest bidder");

@> emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);

// --- Regular Bidding Logic ---

Risk

Likelihood:

Bidders place regular bids that do not trigger the buy-now option
Off-chain services subscribe to events for real-time updates on auction settlements

Impact:

Frontends or indexers display false settlement notifications, leading to user confusion
Potential errors in data aggregation or analytics without impacting on-chain funds or state

Proof of Concept

Add the following test function into the existing tests in `BidBeastsMarketPlaceTest.t.sol`

function test_PrematureAuctionSettledEvent() public {

// Step 1: Mint and list an NFT

_mintNFT();

_listNFT();

// Step 2: Place a regular bid (not buy-now)

uint256 bidAmount = MIN_PRICE + 1 ether; // Below BUY_NOW_PRICE=5 ether

vm.expectEmit(true, true, true, true);

emit BidBeastsNFTMarket.AuctionSettled(TOKEN_ID, BIDDER_1, SELLER, bidAmount); // Emitted prematurely

vm.prank(BIDDER_1);

market.placeBid{value: bidAmount}(TOKEN_ID);

// Step 3: Verify auction is still active

assertTrue(market.getListing(TOKEN_ID).listed, "Auction should remain listed");

assertEq(market.getHighestBid(TOKEN_ID).amount, bidAmount, "Bid placed but not settled");

}

Recommended Mitigation

Remove the misplaced event emission from the bidding path, as the correct emission already occurs in _executeSale upon actual settlement. This ensures events accurately reflect state changes.

require(msg.sender != previousBidder, "Already highest bidder");

- emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);

// --- Regular Bidding Logic ---

Updates

Lead Judging Commences

cryptoghost Lead Judge 2 months ago

Submission Judgement Published

Validated

Assigned finding tags:

BidBeasts Marketplace: Incorrect Event Emission

placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!