Bid Beasts
First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Wrong equality check on `minPrice` causes initial bids in `BidBeastsNFTMarketPlace::placeBid` to fail

0xicelatte

Wrong equality check on minPrice causes initial bids in BidBeastsNFTMarketPlace::placeBid to fail

Description

  • Normally an initial bid should be equal to or greater than the minimum price

  • Currently, initial bids have to be greater than the minimum price

function placeBid(uint256 tokenId) external payable isListed(tokenId) {
...
if (previousBidAmount == 0) {
requiredAmount = listing.minPrice;
&> require(msg.value > requiredAmount, "First bid must be > min price");

Risk

Likelihood:

  • This will occur when the initial bid is exactly equal to the minimum price. Since bidders are financially incentivized to spend as little as possible, this will occur often

Impact:

  • Initial bids must be greater than the minimum price, causing very small financial impact to the first bidder

  • Core functionality is not impacted, as bidding still works except this specific bid at this specific point in the bidding process

Proof of Concept

function testMinBid() public {
_mintNFT();
_listNFT();
vm.prank(BIDDER_1);
vm.expectRevert();
market.placeBid{value: MIN_PRICE}(TOKEN_ID);
}

Recommended Mitigation

- require(msg.value > requiredAmount, "First bid must be > min price");
+ require(msg.value >= requiredAmount, "First bid must be >= min price");
Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: First Bid > Instead of >=

First bid validation uses > instead of >=, preventing valid starting bids.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.