Bid Beasts

First Flight #49
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: medium
Valid

Ended Auctions Can Be Indefinitely Restarted by Placing New Bids

BidBeastsNFTMarketPlace.sol - lines 159 - 166

Description

  • Expected behavior: the auction extension logic should extend an auction only when there is still time remaining and the time left is less than the extension duration, so that ended auctions cannot be restarted.

  • The issue: the extension logic uses if (timeLeft < S_AUCTION_EXTENSION_DURATION) without checking whether the auction has actually ended. Because timeLeft is set to 0 once the auction is over, the condition still holds, so users can place bids on already-ended auctions and restart them by extending the deadline.

// Root cause in the codebase with @> marks to highlight the relevant section
} else {
    requiredAmount = (previousBidAmount / 100) * (100 + S_MIN_BID_INCREMENT_PERCENTAGE);
    require(msg.value >= requiredAmount, "Bid not high enough");
    //! @> You can still place a bid on ended auction and restart them, because of "if (timeLeft < S_AUCTION_EXTENSION_DURATION)"
    uint256 timeLeft = 0;
    if (listing.auctionEnd > block.timestamp) {
        timeLeft = listing.auctionEnd - block.timestamp;
    }
    // @> This condition is true when auction has ended (timeLeft = 0), allowing restart
    if (timeLeft < S_AUCTION_EXTENSION_DURATION) {
        listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;
        emit AuctionExtended(tokenId, listing.auctionEnd);
    }
}

Risk

Likelihood: High

  • This will occur whenever someone places a bid after the auction has officially ended.

  • This will occur when timeLeft equals 0 (auction ended) since 0 < 15 minutes.

Impact: Medium

  • Ended auctions can be indefinitely restarted by placing new bids.

  • This breaks the fundamental auction mechanics where auctions should have definitive end times.

Proof of Concept
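
An added Python model of the extension branch (not the submission's own proof of concept and not the contract's code), replaying constructed bid timestamps against the original condition and the timeLeft > 0 condition from Recommended Mitigation. The function names, the 3600-second deadline and the bid times are assumptions made for the illustration; the 15-minute extension is the value quoted in the report.

```python
# Constructed model of the extension branch only; bid amounts are not modelled.
EXTENSION = 15 * 60  # S_AUCTION_EXTENSION_DURATION, 15 minutes per the report


def time_left(auction_end, now):
    """Mirror the Solidity clamp: 0 once the auction has ended."""
    return auction_end - now if auction_end > now else 0


def extend_vulnerable(auction_end, now):
    """Original rule: extend whenever timeLeft < EXTENSION (true at timeLeft == 0)."""
    if time_left(auction_end, now) < EXTENSION:
        return auction_end + EXTENSION
    return auction_end


def extend_patched(auction_end, now):
    """Mitigated rule: extend only while some time is still left."""
    if 0 < time_left(auction_end, now) < EXTENSION:
        return auction_end + EXTENSION
    return auction_end


def replay(rule, auction_end, bid_times):
    """Apply a rule to bids at the given timestamps; return (final_end, reopened).

    reopened lists bids that arrived at or after the deadline and pushed it
    past their own timestamp, i.e. bids that restarted an ended auction.
    """
    reopened = []
    for now in bid_times:
        ended = now >= auction_end
        auction_end = rule(auction_end, now)
        if ended and auction_end > now:
            reopened.append(now)
    return auction_end, reopened


# Constructed timeline in seconds: the deadline starts at t=3600.
BIDS = [1000, 3000, 4600, 5500]

if __name__ == "__main__":
    print("vulnerable:", replay(extend_vulnerable, 3600, BIDS))
    print("patched:   ", replay(extend_patched, 3600, BIDS))
```

The bid at t=3000 is a legitimate late bid and extends the deadline under both rules; only the original rule lets the bids at t=4600 and t=5500 move it again after it has passed.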

Recommended Mitigation

Add a condition timeLeft > 0 to the auction extension logic to ensure that only active auctions (with remaining time) can be extended, not ended auctions.

} else {
requiredAmount = (previousBidAmount / 100) * (100 + S_MIN_BID_INCREMENT_PERCENTAGE);
require(msg.value >= requiredAmount, "Bid not high enough");
uint256 timeLeft = 0;
if (listing.auctionEnd > block.timestamp) {
timeLeft = listing.auctionEnd - block.timestamp;
}
- if (timeLeft < S_AUCTION_EXTENSION_DURATION) {
+ if (timeLeft > 0 && timeLeft < S_AUCTION_EXTENSION_DURATION) {
listing.auctionEnd = listing.auctionEnd + S_AUCTION_EXTENSION_DURATION;
emit AuctionExtended(tokenId, listing.auctionEnd);
}
}
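
Review bot: the timeLeft > 0 guard on the changed line only skips the deadline extension; nothing in this hunk rejects the bid itself once listing.auctionEnd <= block.timestamp, so a bid sent after the end would still pass the "Bid not high enough" check and be processed. Unless an earlier check in the function, outside the lines shown, already reverts on ended auctions, add one at the top of this else branch, for example require(block.timestamp < listing.auctionEnd, "Auction ended"), after which the timeLeft > 0 test is redundant.
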
Updates

Lead Judging Commences

cryptoghost Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeast Marketplace: Auction Duration Miscalculation

BidBeast marketplace contains a flaw in its auction timing mechanism. This causes the contract to miscalculate the actual end time of an auction, resulting in auctions that either conclude prematurely or run longer than specified.
