search

code-423n4 / 2022-11-size-findings

1 stars 0 forks source link

Attacker can bid many times to prevent other bidders joining to the same auction #201

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-11-size/blob/main/src/SizeSealed.sol#L157-L159

Vulnerability details

Impact

Because contract did not limit number of bids for each address at 1 auction, attacker can bid many times (same auction) in 1 transaction. If it makes bids.length increase up to 1000, and other bidders can not bid at this auction.

Proof of Concept

Contract just limit 1000 number of bids at 1 auction. See in this condition in function bid():

if (bidIndex >= 1000) {
    revert InvalidState();
}

And contract has no limit of the number of bids for each bidder at 1 auction. So attacker can easily bid up to 1000 times in 1 transaction and prevent bidding from others.

Tools Used

VS Code

Recommended Mitigation Steps

Limit number of bids for each bidder at 1 auction or remove limitation of 1000 bids.

trust1995 commented 2 years ago

This is not considered a DOS as attacker is basically executing 1000 legitimate trades with the seller, as intended. Report does not specify any interesting quirks to make the DOS do any harm to the auction.

c4-judge commented 2 years ago

0xean marked the issue as duplicate

c4-judge commented 1 year ago

0xean marked the issue as satisfactory