code-423n4 / 2021-09-defiprotocol-findings

settleAuction() can reset auctionBonder #54

Closed code423n4 closed 2 years ago

code423n4 commented 3 years ago

Handle

gpersoon

Vulnerability details

Impact

The function settleAuction() doesn't reset auctionBonder to 0. Although this does not give any problems for the logic, the value is no longer relevant after the auction and can be set to 0. Setting to 0 saves a bit of gas and also prevents mistakes in future code updates.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Auction.sol#L69

    function settleAuction( .. ) public override {
        ..
        require(msg.sender == auctionBonder);
        ..
        auctionOngoing = false;
        hasBonded = false;

Tools Used

Recommended Mitigation Steps

Set auctionBonder to 0 at the end of the function settleAuction().

GalloDaSballo commented 2 years ago

Duplicate of #40