Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Documentation Mismatch on Auction Duration

ambitiousdydx

Description

Project documentation should accurately describe contract behavior, such as auction durations, to set correct expectations for users, developers, and integrators interacting with the system.
The provided description claims auctions have a fixed "exactly 3 days" deadline, but the code implements a dynamic 15-minute duration starting from the first bid, with extensions only for bids placed near the end, causing a mismatch that can mislead users about when auctions end.

uint256 constant public S_AUCTION_EXTENSION_DURATION = 15 minutes;

// In placeBid for first bid:

listing.auctionEnd = block.timestamp + S_AUCTION_EXTENSION_DURATION;

// For extensions:

if (timeLeft < S_AUCTION_EXTENSION_DURATION) {

listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;

}

Risk

Likelihood:

Users and developers reference the documentation for guidance on auction timelines
Auctions are initiated with the expectation of a 3-day period, leading to surprises

Impact:

Misaligned user actions, such as delayed bidding assuming longer durations
Reduced usability and potential support issues, though no direct on-chain effects

Proof of Concept

Add the following test function into the existing tests in `BidBeastsMarketPlaceTest.t.sol`

function test_AuctionDurationMismatch() public {

// Step 1: Mint and list an NFT

_mintNFT();

_listNFT();

// Step 2: Place first bid and check auctionEnd

vm.prank(BIDDER_1);

market.placeBid{value: MIN_PRICE + 1}(TOKEN_ID);

uint256 actualEnd = market.getListing(TOKEN_ID).auctionEnd;

uint256 expectedDocEnd = block.timestamp + 3 days;

uint256 expectedCodeEnd = block.timestamp + 15 minutes;

// Step 3: Assert mismatch with docs

assertNotEq(actualEnd, expectedDocEnd, "Duration does not match documented 3 days");

assertEq(actualEnd, expectedCodeEnd, "Actual duration is 15 minutes as per code");

}

Recommended Mitigation

Update the external documentation to reflect the code's behavior accurately. If a fixed 3-day duration is desired, modify the constant and logic accordingly, but based on current code:

// In documentation (not code):

- Auction deadline of exactly 3 days.

+ Auctions start upon the first bid and last 15 minutes, with extensions of 15 minutes for bids placed in the final period to prevent sniping.

Updates

Lead Judging Commences

cryptoghost Lead Judge

about 2 months ago

cryptoghost Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

BidBeasts Marketplace: Improper Documentation

Documentation for BidBeasts Marketplace is incomplete or inaccurate, potentially leading to misconfigurations or security misunderstandings.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.