code-423n4 / 2023-05-venus-findings


`Shortfall.sol#placeBid` does not check `nextBidderBlockLimit` #454

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-venus/blob/main/contracts/Shortfall/Shortfall.sol#L158

Vulnerability details

Impact

Shortfall.sol#placeBid does not check nextBidderBlockLimit. As long as closeAuction is not called, you can continue to bid even if it times out.

Proof of Concept

Tools Used

manual

Recommended Mitigation Steps

```diff
    function placeBid(address comptroller, uint256 bidBps) external nonReentrant {
        Auction storage auction = auctions[comptroller];

        require(_isStarted(auction), "no on-going auction");
        require(!_isStale(auction), "auction is stale, restart it");
+       // reject bids once the next-bidder window after the last accepted bid has passed
+       require(block.number <= auction.highestBidBlock + nextBidderBlockLimit, "bidding window has closed");
        require(bidBps <= MAX_BPS, "basis points cannot be more than 10000");
```

Assessed type

Other

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #64

c4-judge commented 1 year ago

0xean marked the issue as unsatisfactory: Invalid