CDSecurity / Blessed-minhquanym


[M-05] Incorrect variable used in function `setupNewRound()` #6

Open minhquanym opened 2 weeks ago

minhquanym commented 2 weeks ago

[M-05] Incorrect variable used in function setupNewRound()

Severity

Impact: Medium

Likelihood: Medium

Description

The process of a round in `AuctionV1Base` is as follows:

  1. The operator invokes the `setupNewRound()` function to calculate the `newPrice` and start a new round. The state of the new round is set to `lotteryStarted = false` and `winnersSelected = false`.
  2. The seller invokes the `startLottery()` function, setting the round state to `lotteryStarted = true`.
  3. The seller calls the `selectWinner()` function to conclude the round and set `winnersSelected = true`.

In the `setupNewRound()` function, the `numberOfTickets` variable is used to determine whether the price should increase or decrease. However, `numberOfTickets` always resets to `0` when the previous round ends in the `selectWinner()` function.

```solidity
function setupNewRound(uint256 _finishAt, uint256 _numberOfTickets) public onlyOperator {
    require(_numberOfTickets <= totalNumberOfTickets, "Tickets per round cannot be higher than total number of tickets in AuctionV1");
    uint256 newPrice = 0;

    // @audit `numberOfTickets` is always reset to `0`
    //         after finishing previous round in `selectWinner()`
    if (prevRoundDeposits >= numberOfTickets) {
        ...
    }
    ...
}
```

Recommendations

Consider revising the logic used to calculate `newPrice` in the `setupNewRound()` function.
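
A minimal model of the round flow described in this issue, added here as an illustration and not taken from the audited contract or written by the reporter. It places the reported comparison next to one possible revision that snapshots the ticket count before `selectWinner()` clears it. `deposit()`, `roundDeposits`, `prevRoundTickets`, `PRICE_STEP`, the direction of the price move and the place where `prevRoundDeposits` is recorded are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added model, not the audited AuctionV1Base contract. Names taken from the issue:
// setupNewRound, selectWinner, numberOfTickets, prevRoundDeposits, totalNumberOfTickets.
// Assumed for illustration: deposit(), roundDeposits, prevRoundTickets, PRICE_STEP,
// the price direction, and where prevRoundDeposits is recorded. Access control omitted.
contract RoundModel {
    uint256 public constant PRICE_STEP = 1;     // constructed value
    uint256 public totalNumberOfTickets = 100;  // constructed value
    uint256 public price = 10;                  // constructed value
    uint256 public numberOfTickets;
    uint256 public roundDeposits;
    uint256 public prevRoundDeposits;
    uint256 public prevRoundTickets;            // hypothetical snapshot used by the revised variant

    function deposit() external {
        roundDeposits += 1;
    }

    function selectWinner() external {
        prevRoundDeposits = roundDeposits;
        prevRoundTickets = numberOfTickets;     // capture the supply before it is cleared
        roundDeposits = 0;
        numberOfTickets = 0;                    // the reset described in the issue
    }

    // Reported pattern: after selectWinner() numberOfTickets is 0, so the
    // comparison is `x >= 0` and the same branch runs every round.
    function setupNewRoundAsReported(uint256 _numberOfTickets) external returns (bool demandMet) {
        require(_numberOfTickets <= totalNumberOfTickets, "too many tickets");
        demandMet = prevRoundDeposits >= numberOfTickets;
        _startRound(_numberOfTickets, demandMet);
    }

    // One possible revision: compare against the previous round's ticket count.
    function setupNewRoundRevised(uint256 _numberOfTickets) external returns (bool demandMet) {
        require(_numberOfTickets <= totalNumberOfTickets, "too many tickets");
        demandMet = prevRoundDeposits >= prevRoundTickets;
        _startRound(_numberOfTickets, demandMet);
    }

    function _startRound(uint256 _numberOfTickets, bool demandMet) private {
        if (demandMet) price += PRICE_STEP;
        else if (price > PRICE_STEP) price -= PRICE_STEP;
        numberOfTickets = _numberOfTickets;
    }
}
```

With a round of 10 tickets that receives 3 deposits before `selectWinner()`, `setupNewRoundAsReported` returns `true` and `setupNewRoundRevised` returns `false`, which makes a compact regression check for whatever fix is chosen.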

0ximmeas commented 1 week ago

valid, nice find