Omission `=` in `BidBeastsNFTMarket::placeBid` causes first bidder not be able to place bid on minimum bid/required price.
Omission = in BidBeastsNFTMarket::placeBid causes first bidder not be able to place bid on minimum bid/required price.
Description
-
As described in the project's doc, there is a minimum bid enforcement price for first bidders.
-
Due to the omission of
=first bidder can only bid for a price greater thanmin pricebut not on exactly themin pricewhich contradicts the project's intended functionality.
Risk
Likelihood: High
Impact: Low
Proof of Concept
-
A seller lists an NFT for auction, and sets the
min pricefor the first bid. -
A user decided to places a bid on a listed NFT for the first time and sets the
msg.valueas themin priceset by the seller. -
The transaction fails with an error
First bid must be > min price -
This test from your tests suit in
BidBeadsNFTMarketTestwill failed due this fault.function test_placeFirstBid() public {_mintNFT();_listNFT();vm.prank(BIDDER_1);market.placeBid{value: MIN_PRICE}(TOKEN_ID);BidBeastsNFTMarket.Bid memory highestBid = market.getHighestBid(TOKEN_ID);assertEq(highestBid.bidder, BIDDER_1);assertEq(highestBid.amount, MIN_PRICE);assertEq(market.getListing(TOKEN_ID).auctionEnd, block.timestamp + market.S_AUCTION_EXTENSION_DURATION());}
Recommended Mitigation
Adjust the msg.valuecheck for the BidBeastsNFTMarket::placeBidto be equals to or greater than min priceas follows:
Lead Judging Commences
BidBeasts Marketplace: First Bid > Instead of >=
First bid validation uses > instead of >=, preventing valid starting bids.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.