Clearwood
commented
2 years ago @leastwood If the values are reasonable, does it lead to any exploitable behavior? or does it just turn the DutchAuction into a crowdsale
Closed code423n4 closed 2 years ago
Clearwood
commented
2 years ago @leastwood If the values are reasonable, does it lead to any exploitable behavior? or does it just turn the DutchAuction into a crowdsale
Clearwood
commented
2 years ago Duplicate of #108
Handle
leastwood
Vulnerability details
Impact
There are no assertions that
_startPriceand_minimumPriceare significantly greater than the time difference used to calculateDutchAuction.priceDrop(). As a result, it is possible for values to be heavily truncated, leading to an incorrectpriceDiffand resulting_currentPrice().Proof of Concept
https://github.com/sushiswap/miso/blob/master/contracts/Auctions/DutchAuction.sol#L325-L332 https://github.com/sushiswap/miso/blob/master/contracts/Auctions/DutchAuction.sol#L415-L418
Tools Used
Manual code review
Recommended Mitigation Steps
Consider enforcing a minimum amount difference between
_startPriceand_minimumPriceinDutchAuction.initAuction().