Auction extension duration is set to 15 minutes, contradicting specification.
Root + Impact
Description
-
Normal Behavior: The auction should follow the intended business logic for duration, typically a longer period (e.g., 3 days).
-
Specific Issue: The constant that determines the auction extension period,
S_AUCTION_EXTENSION_DURATION, is hardcoded to15 minutes. This is a severe deviation from the general market expectation for NFT auctions (and often contradicts the specification provided in the contest details).
Risk
Likelihood:
-
The hardcoded value is guaranteed to be active.
-
Every auction will be affected by this shortened duration.
Impact:
-
Incorrect Business Logic. Undermines the intended user experience and marketing of the auction.
-
Potential for front-running/sniping since the window is very small.
Proof of Concept
This is an informational finding based on the codebase's constant value versus common practice. No exploitation PoC is required, but the fact that the auction ends much faster than expected is provable on the blockchain.
Recommended Mitigation
Verify the intended auction duration with the protocol team and update the constant to reflect the correct business requirement (e.g., 3 days or 72 hours). Assuming the intent was 3 days:
Lead Judging Commences
BidBeasts Marketplace: Incorrect Event Emission
placeBid emits AuctionSettled even though the auction hasn’t ended, causing misleading event logs.
BidBeasts Marketplace: Improper Documentation
Documentation for BidBeasts Marketplace is incomplete or inaccurate, potentially leading to misconfigurations or security misunderstandings.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.