First bidder could brick auction or win the auction for a very cheap price by placing a very high bid #791
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
duplicate-1323
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Comments
- Nov 10, 2023: c4-submissions added the labels 3 (High Risk) and bug.
- 141345 marked the issue as duplicate of #962
- alex-ppg marked the issue as not a duplicate
- alex-ppg marked the issue as duplicate of #1784
- alex-ppg marked the issue as duplicate of #1323
- alex-ppg marked the issue as partial-50
- Dec 8, 2023: c4-judge added the labels partial-50 and satisfactory and removed the label partial-50.
- alex-ppg marked the issue as satisfactory
- alex-ppg marked the issue as partial-50
- Dec 8, 2023: c4-judge added the label partial-50 and removed the label satisfactory.
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/08a56bacd286ee52433670f3bb73a0e4a4525dd4/smart-contracts/AuctionDemo.sol#L56-L60
https://github.com/code-423n4/2023-10-nextgen/blob/08a56bacd286ee52433670f3bb73a0e4a4525dd4/smart-contracts/AuctionDemo.sol#L123-L129
https://github.com/code-423n4/2023-10-nextgen/blob/08a56bacd286ee52433670f3bb73a0e4a4525dd4/smart-contracts/AuctionDemo.sol#L133-L142
Vulnerability details
In order to participate in an auction, a bidder has to place a bid that is higher than the current highest bid (AuctionDemo.sol, lines 56-60).
As a bidder can cancel their bid at any time before the auction ends (AuctionDemo.sol, lines 123-129 and 133-142), the first bidder can prevent others from participating in the auction by placing an absurdly high bid that they intend to cancel in the last second, making it impossible for other bidders with reasonably-priced bids to participate in the auction.
Impact
Scenario 1:
The first bidder places a very high bid, outpricing others.
Just before the auction ends, the bid is cancelled.
=> The auction doesn't have a winner
=> It is impossible to restart the auction on this contract
=> attacker will have paid gas fees
=> Token will remain in the hands of the _recipient that it was airdropped to (MinterContract.sol, line 277: https://github.com/code-423n4/2023-10-nextgen/blob/08a56bacd286ee52433670f3bb73a0e4a4525dd4/smart-contracts/MinterContract.sol#277)
Scenario 2:
The first or a later bidder could win the auction for a cheap price by first placing a low bid and right after an absurdly high bid that they intend to withdraw later.
=> Others won't be able to participate in the auction
=> Just before the auction ends, the first bidder cancels the high bid and wins the auction for the first, very low bid.
In both cases, there is a possibility that a well-timed second bidder could win the auction by managing to place a bid after the large bid was cancelled. Either way, the token wouldn't be auctioned for a fair price.
Proof of Concept
Tools used
Foundry
Recommended Mitigation Steps
Consider a change in auction style to prevent this issue, e.g.:
(1) allowing bidders to participate in an auction by placing bids that are lower than the current highest bid, or
(2) disallowing bidders from cancelling their bids, or
(3) extending the auction deadline when the highest bid gets cancelled.
Consider adding a possibility to restart an auction that has ended without a bid.
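The following is an added illustration, not part of the original submission and not the project's AuctionDemo.sol. It models only the bidding rules the report describes (a new bid must exceed the current highest bid; any bid can be cancelled before the auction ends; the highest active bid at the end wins), replays the two impact scenarios against that model, and then shows how mitigations (2) and (3) from the list above change the outcome. The class and function names (Auction, place_bid, cancel_bid, winner), the two mitigation switches (allow_cancel, extend_on_cancel), the timestamps and the bid amounts are all assumptions made for this example.

```python
# Added example: toy model of the bidding rules described in the finding.
# Not the project's contract; names, timestamps and amounts are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Bid:
    bidder: str
    amount: int
    active: bool = True  # becomes False when the bidder cancels


@dataclass
class Auction:
    end_time: int                 # no bids or cancellations accepted at or after this time
    allow_cancel: bool = True     # mitigation (2): False forbids cancellation entirely
    extend_on_cancel: int = 0     # mitigation (3): seconds added when the top bid is cancelled
    bids: List[Bid] = field(default_factory=list)

    def highest_active(self) -> int:
        amounts = [b.amount for b in self.bids if b.active]
        return max(amounts) if amounts else 0

    def place_bid(self, now: int, bidder: str, amount: int) -> int:
        """Accept a bid only if it beats the current highest active bid; returns its index."""
        if now >= self.end_time:
            raise ValueError("auction has ended")
        if amount <= self.highest_active():
            raise ValueError("bid must exceed the current highest bid")
        self.bids.append(Bid(bidder, amount))
        return len(self.bids) - 1

    def cancel_bid(self, now: int, bidder: str, index: int) -> None:
        if not self.allow_cancel:
            raise ValueError("cancellation is disabled")
        if now >= self.end_time:
            raise ValueError("auction has ended")
        bid = self.bids[index]
        if bid.bidder != bidder or not bid.active:
            raise ValueError("not an active bid of this bidder")
        was_top = bid.amount == self.highest_active()
        bid.active = False
        # Mitigation (3): when the top bid disappears, give other bidders time to react.
        if was_top and self.extend_on_cancel:
            self.end_time = max(self.end_time, now + self.extend_on_cancel)

    def winner(self, now: int) -> Optional[Tuple[str, int]]:
        if now < self.end_time:
            raise ValueError("auction still running")
        active = [b for b in self.bids if b.active]
        if not active:
            return None  # no winner; the report notes the auction cannot be restarted
        top = max(active, key=lambda b: b.amount)
        return top.bidder, top.amount


def honest_bid_rejected(a: Auction, now: int, amount: int) -> bool:
    """True if a reasonably priced bid is refused because of the inflated top bid."""
    try:
        a.place_bid(now, "honest", amount)
        return False
    except ValueError:
        return True


def scenario_1_bricked() -> Optional[Tuple[str, int]]:
    """Scenario 1: one inflated bid, cancelled at the last second, leaves no winner."""
    a = Auction(end_time=100)
    a.place_bid(1, "first", 1_000_000)
    assert honest_bid_rejected(a, 50, 10)
    a.cancel_bid(99, "first", 0)
    return a.winner(100)  # None


def scenario_2_cheap_win() -> Optional[Tuple[str, int]]:
    """Scenario 2: a tiny bid shielded by an inflated one wins for the tiny amount."""
    a = Auction(end_time=100)
    a.place_bid(1, "first", 1)
    high = a.place_bid(2, "first", 1_000_000)
    assert honest_bid_rejected(a, 50, 10)
    a.cancel_bid(99, "first", high)
    return a.winner(100)  # ("first", 1)


def mitigated_by_extension() -> Optional[Tuple[str, int]]:
    """Mitigation (3): cancelling the top bid pushes the deadline out, so others can bid."""
    a = Auction(end_time=100, extend_on_cancel=60)
    a.place_bid(1, "first", 1_000_000)
    a.cancel_bid(99, "first", 0)    # end_time becomes 159
    a.place_bid(120, "honest", 10)  # now accepted
    return a.winner(a.end_time)     # ("honest", 10)


def mitigated_by_no_cancel() -> bool:
    """Mitigation (2): with cancellation disabled, the inflated bid is binding."""
    a = Auction(end_time=100, allow_cancel=False)
    a.place_bid(1, "first", 1_000_000)
    try:
        a.cancel_bid(99, "first", 0)
        return False
    except ValueError:
        return True
```

Run the four functions to compare outcomes: the two scenarios end with no winner and with a win at the shielded low price respectively, while the deadline extension lets the honest bidder back in and disabling cancellation makes the inflated bid binding. The model deliberately leaves out mitigation (1) (accepting bids below the current highest), because that changes the auction type itself rather than a single rule.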
Assessed type
Timing