Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

Redundant takeHighestBid function duplicates settleAuction logic

Root + Impact

Description

The contract defines two settlement functions:

function settleAuction(uint256 tokenId) external isListed(tokenId) { ... }
function takeHighestBid(uint256 tokenId) external isListed(tokenId) isSeller(tokenId, msg.sender) { ... }

Both functions finalize the auction by calling _executeSale(tokenId).

settleAuction can be called by anyone once the auction ends.

takeHighestBid can be called by the seller before auction end, but the only additional check is bid.amount >= minPrice, which settleAuction also enforces.

This makes takeHighestBid redundant, since the same outcome can be achieved via settleAuction with less surface area.

Impact:

Increased contract size and gas costs.

Unnecessary complexity in auction settlement logic.

Proof of Concept

Both settlement paths:
1. Ensure bid ≥ minPrice.
2. Call _executeSale(tokenId) to transfer the asset and settle payment.
Thus, their outcome is effectively identical.
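
As an added example (not part of this submission or the Bid Beasts codebase), a Foundry differential test that exercises the claim above: it runs each settlement path on a state snapshot and asserts that both leave the NFT with the highest bidder and pay the seller the same amount. The IAuction interface, the listNFT/placeBid signatures, the 3-day auction length and the setUp wiring are assumptions, not the project's real API.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Assumed minimal surface of the market and its NFT (hypothetical names;
// the project's real listing/bidding signatures may differ).
interface IAuction {
    function listNFT(uint256 tokenId, uint256 minPrice) external;
    function placeBid(uint256 tokenId) external payable;
    function settleAuction(uint256 tokenId) external;
    function takeHighestBid(uint256 tokenId) external;
}
interface IERC721Minimal {
    function ownerOf(uint256 tokenId) external view returns (address);
}
contract SettlementEquivalenceTest is Test {
    IAuction auction;     // assigned in setUp from the project's deployment (not shown)
    IERC721Minimal nft;
    address seller = makeAddr("seller");
    address bidder = makeAddr("bidder");
    uint256 constant TOKEN_ID = 1;
    uint256 constant MIN_PRICE = 1 ether;
    uint256 constant DURATION = 3 days; // assumed auction length
    // Run one settlement path on a state snapshot, capture the end state, revert.
    function _settleVia(bool early) internal returns (address owner, uint256 payout) {
        uint256 snap = vm.snapshot();
        if (early) {
            vm.prank(seller);
            auction.takeHighestBid(TOKEN_ID); // seller-only, before auction end
        } else {
            vm.warp(block.timestamp + DURATION + 1);
            vm.prank(bidder);                 // any caller works after auction end
            auction.settleAuction(TOKEN_ID);
        }
        owner = nft.ownerOf(TOKEN_ID);
        payout = seller.balance;
        vm.revertTo(snap);
    }
    function testBothPathsReachSameState() public {
        vm.prank(seller);
        auction.listNFT(TOKEN_ID, MIN_PRICE);
        vm.deal(bidder, 2 ether);
        vm.prank(bidder);
        auction.placeBid{value: MIN_PRICE}(TOKEN_ID);
        (address ownerA, uint256 payA) = _settleVia(false);
        (address ownerB, uint256 payB) = _settleVia(true);
        assertEq(ownerA, ownerB, "NFT recipient differs between paths");
        assertEq(payA, payB, "seller payout differs between paths");
        assertEq(ownerA, bidder, "highest bidder should receive the NFT");
    }
}
```

If the market pays the seller via a pull pattern rather than a direct transfer, compare the seller's withdrawable balance instead of seller.balance.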

Recommended Mitigation

Remove takeHighestBid() entirely and rely on settleAuction() for auction finalization.
If early settlement by the seller is required as a feature, explicitly separate its logic and document how it differs from the standard settlement.

Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
