Bid Beasts

First Flight #49

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Misplaced Event Emission in Regular Bidding in the `BidBeastsNFTMarketPlace::placeBid()` function

mishraji874

Description

Events should only be emitted when the corresponding action actually occurs to maintain accurate event logs.
The AuctionSettled event is incorrectly emitted during regular bidding in the BidBeastsNFTMarketPlace::placeBid() function, even though the auction has not been settled yet.

require(msg.sender != previousBidder, "Already highest bidder");

@> emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);

Risk

Likelihood:

Occurs on every regular bid placed (not buy-now purchases)
Event indexers and external systems will receive false settlement information

Impact:

Completely incorrect event logs showing auctions as "settled" when they're still active
External systems relying on events will have wrong state information

Proof of Concept

function test_HIGH_MisplacedEventEmissionRegularBidding() public {

uint256 tokenId = _mintAndListNFT(ALICE, MIN_PRICE, 0); // No buy now price

// Bob places first bid

vm.prank(BOB);

market.placeBid{value: MIN_PRICE + 0.1 ether}(tokenId);

// Charlie places higher bid

vm.prank(CHARLIE);

// VULNERABILITY: AuctionSettled event is emitted during bidding, not settlement

vm.expectEmit(true, true, false, false);

emit BidBeastsNFTMarket.AuctionSettled(

tokenId,

CHARLIE,

ALICE,

MIN_PRICE + 0.2 ether

);

market.placeBid{value: MIN_PRICE + 0.2 ether}(tokenId);

// Auction is NOT settled yet - it's still active

assertTrue(

market.getListing(tokenId).listed,

"Auction should still be active"

);

assertTrue(

block.timestamp < market.getListing(tokenId).auctionEnd,

"Auction should not have ended"

);

}

Recommended Mitigation

require(msg.sender != previousBidder, "Already highest bidder");

- emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);

// --- Regular Bidding Logic ---

Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago

Submission Judgement Published

Validated

Assigned finding tags:

BidBeasts Marketplace: Incorrect Event Emission

placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.