Bid Beasts
First Flight #49
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Documentation states fixed auction duration but implementation allows indefinite extensions

anchabadze

Description:

The smart contract documentation states that auctions last exactly 3 days before they can be settled, creating an expectation of predictable auction timelines. However, the actual implementation uses a 15-minute base duration with automatic extensions whenever new bids are placed within the final 15 minutes. This fundamental discrepancy between documented behavior and actual code logic creates a scenario where auctions can theoretically run indefinitely, contradicting user expectations set by the documentation.

function settleAuction(uint256 tokenId) external isListed(tokenId) {
Listing storage listing = listings[tokenId];
require(listing.auctionEnd > 0, "Auction has not started (no bids)");
require(block.timestamp >= listing.auctionEnd, "Auction has not ended");
require(bids[tokenId].amount >= listing.minPrice, "Highest bid did not meet min price");
_executeSale(tokenId);
}

Impact:

Complete mismatch between documented and actual auction behavior

Recommended Mitigation:

Align implementation with documentation or change the documentation

Updates

Lead Judging Commences

cryptoghost Lead Judge 27 days ago
Submission Judgement Published
Validated
Assigned finding tags:

BidBeasts Marketplace: Improper Documentation

Documentation for BidBeasts Marketplace is incomplete or inaccurate, potentially leading to misconfigurations or security misunderstandings.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.