Clearwood
commented
2 years ago This is a helpful comment but not a gas optimization
Open code423n4 opened 2 years ago
Clearwood
commented
2 years ago This is a helpful comment but not a gas optimization
ghoul-sol
commented
2 years ago making it non-critical
Handle
0xRajeev
Vulnerability details
Impact
isOpen() function checks auction start and end times to let users know if the auction is still open for making a commitment. Absence of this will force users/interfaces to infer this via other means/variables/functions or force them to waste gas by making failed commitments after auction has closed.
While this is present in Crowdsale and Dutch auction contracts, it is missing in Batch and Hyperboilc contracts.
Proof of Concept
Check for open: https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/BatchAuction.sol#L235-L236
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/HyperbolicAuction.sol#L347-L348
isOpen() Present: https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/Crowdsale.sol#L447-L453
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/DutchAuction.sol#L373-L379
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add isOpen() to Batch and Hyperbolic auctions.