Bid Beasts
First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect Event Emission

the2ke

Event is called at wrong time

Description

  • The `AuctionSettled` event is emitted in the wrong conditional branch. It fires during regular auction bidding instead of when buyNow purchases actually settle the auction. This creates inverted event semantics where actual auction settlements are silent while ongoing auctions incorrectly appear settled.
    Explain the specific issue or problem in one or more sentences

if (listing.buyNowPrice > 0 && msg.value >= listing.buyNowPrice) {
uint256 salePrice = listing.buyNowPrice;
uint256 overpay = msg.value - salePrice;
// EFFECT: set winner bid to exact sale price (keep consistent)
bids[tokenId] = Bid(msg.sender, salePrice);
listing.listed = false;
if (previousBidder != address(0)) {
_payout(previousBidder, previousBidAmount);
}
// NOTE: using internal finalize to do transfer/payouts. _executeSale will assume bids[tokenId] is the final winner.
_executeSale(tokenId);
// Refund overpay (if any) to buyer
if (overpay > 0) {
_payout(msg.sender, overpay);
}
return;
}
require(msg.sender != previousBidder, "Already highest bidder");
@> emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);
// The rest ....

Risk

Likelihood:

  • The AuctionSettled event emits during every regular bid placement, occurring 100% of the time for non-buyNow bids

  • External systems and users receive false "auction ended" notifications on every single bid, creating consistent misinformation

Impact:

  • BuyNow settlements are invisible to external systems

  • Regular bids falsely appear as settlements

  • Buyers: Confused about auction statesProof of Concept


Proof Of Code

Scenario1: Buy Now Logic
1. User pays buyNowPrice (5 ETH)
2. _executeSale() transfers NFT to buyer
3. Auction is ACTUALLY settled
4. NO AuctionSettled event emitted
5. External systems don't know auction ended
Scenario2: Regular Bid
1. User places normal bid (1 ETH)
2. emit AuctionSettled() → "Auction ended!" //While it's still on
3. But auction continues accepting more bids
4. Time gets extended
5. External systems see impossible state

Recommended Mitigation

Delete `AuctionSettled` emitted at it's actaul location
// --- Buy Now Logic ---
if (listing.buyNowPrice > 0 && msg.value >= listing.buyNowPrice) {
uint256 salePrice = listing.buyNowPrice;
uint256 overpay = msg.value - salePrice;
// EFFECT: set winner bid to exact sale price (keep consistent)
bids[tokenId] = Bid(msg.sender, salePrice);
listing.listed = false;
if (previousBidder != address(0)) {
_payout(previousBidder, previousBidAmount);
}
// NOTE: using internal finalize to do transfer/payouts. _executeSale will assume bids[tokenId] is the final winner.
_executeSale(tokenId);
// Refund overpay (if any) to buyer
if (overpay > 0) {
_payout(msg.sender, overpay);
}
return;
}
require(msg.sender != previousBidder, "Already highest bidder");
- emit AuctionSettled(tokenId, msg.sender, listing.seller, msg.value);
Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Incorrect Event Emission

placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.