Race condition at auction end time: User can both participate and claim #1451
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-175
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/a6f2397b68ef2865374c1bf7629349f25e71a44d/smart-contracts/AuctionDemo.sol#L105
https://github.com/code-423n4/2023-10-nextgen/blob/a6f2397b68ef2865374c1bf7629349f25e71a44d/smart-contracts/AuctionDemo.sol#L58
Vulnerability details
Impact
In the AuctionDemo contract, users can bid in an auction until its deadline and then claim the NFT. However, the current code allows users to call both participateToAuction(...) and claimAuction(...) at the auction end time. This could lead to situations where:
Proof of Concept
The code snippets below show how auctionEndTime is checked in both functions. As you can see, both functions can be called when timestamp == auctionEndTime.
Tools Used
Manual review
Recommended Mitigation Steps
Consider only allowing 1 action (either participate or claim) at auction end time.
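As an added illustration (not the audited AuctionDemo code), the contract below reproduces the two boundary checks the proof of concept describes, a bid gate of block.timestamp <= auctionEndTime beside a claim gate of block.timestamp >= auctionEndTime, so both pass when block.timestamp == auctionEndTime, and shows the recommended mitigation as a strict inequality on the bid side. The single-auction storage layout and the name participateToAuctionFixed are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not the NextGen AuctionDemo contract: one auction with
// the overlapping bid/claim boundary checks and a fixed bid function.
contract AuctionBoundaryDemo {
    uint256 public immutable auctionEndTime; // assumed: fixed at deployment
    address public highestBidder;
    uint256 public highestBid;
    bool public claimed;

    constructor(uint256 endTime) {
        auctionEndTime = endTime;
    }

    // Vulnerable pattern: bids are accepted while block.timestamp <= auctionEndTime.
    function participateToAuction() external payable {
        require(msg.value > highestBid, "bid too low");
        require(block.timestamp <= auctionEndTime, "auction ended");
        _recordBid();
    }

    // Claims are accepted while block.timestamp >= auctionEndTime, so at the
    // exact end timestamp both this and participateToAuction() pass their gates.
    function claimAuction() external {
        require(block.timestamp >= auctionEndTime, "auction not ended");
        require(!claimed, "already claimed");
        claimed = true;
        // NFT transfer and seller payout omitted; the point is the time gate.
    }

    // Mitigation: a strict inequality gives the end timestamp to exactly one
    // action (claiming), so no bid can be recorded once claimAuction() is callable.
    function participateToAuctionFixed() external payable {
        require(msg.value > highestBid, "bid too low");
        require(block.timestamp < auctionEndTime, "auction ended");
        _recordBid();
    }

    function _recordBid() internal {
        highestBidder = msg.sender;
        highestBid = msg.value;
    }
}
```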
Assessed type
Timing