search

Zilliqa / marketplace-contracts

GNU General Public License v3.0
2 stars 4 forks source link

Seller profits overwritten if seller have not withdrawn #4

Closed teye closed 2 years ago

teye commented 2 years ago

Description The seller_profits is overwritten if the seller has ended multiple auctions but don't choose to withdraw.

Code https://github.com/Zilliqa/marketplace-contracts/blob/4e87e3feca3141e39780159ec72d0b9cd2eba512/contracts/english_auction.scilla#L757

Reproduce

  1. User A creates auction A1.
  2. User A creates auction A2.
  3. User B bids on both auction A1 and auction A2.
  4. When auction A1 ends, call End(), observe the payment_tokens[seller]. Don't withdraw the funds first.
  5. When auction A2 ends, call End(), observe the payment_tokens[seller], it would be overwritten by A2 calculations.

Suggestions Use AddToPaymentTokenBalance

ghost commented 2 years ago

Nice catch Thanks!