In Auction.sol, the function addBid(uint256 lotId) queries the auction by lotId.
The issue is that there is no check whether the auction exists; if it does not, an error message is emitted.
The same applies to other code that queries an auction by lotId.
Proof of Concept
Paste the code below into Auction.t.sol:
function test_ErrEmitMsg() public {
    // current auction id
    assertEq(auction.nextLot(), 1);
    // add a bid to non-existent lot 2: it should revert because the lot does not exist, but it reverts with AuctionEnded
    vm.expectRevert(IAuction.AuctionEnded.selector);
    auction.addBid{value: 10}(2);
}
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L67
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L81
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L94
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L107
Vulnerability details
Impact
In Auction.sol, the function addBid(uint256 lotId) queries the auction by lotId. The issue is that there is no check whether the auction exists; if it does not, an error message is emitted. The same applies to other code that queries an auction by lotId.
Proof of Concept
Paste the test_ErrEmitMsg test into Auction.t.sol, then run:
forge test --match-test test_ErrEmitMsg
Tools Used
Foundry
Recommended Mitigation Steps
Add checkExist logic.
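One way such an existence check could look, as an added sketch that is not the Stader contract's code. It assumes the end-of-auction test compares block.number with a stored end block, which would produce the AuctionEnded revert the PoC expects for a lot that was never created; Lot, endBlock, bids, createLot, lotExists, addBidUnchecked and LotNotFound are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration, not the Stader contract. Only addBid, nextLot and
// AuctionEnded appear on the page; every other name is an assumption.
contract AuctionSketch {
    struct Lot {
        uint256 endBlock; // assumed field: last block that accepts bids
        mapping(address => uint256) bids; // assumed per-bidder totals
    }

    error AuctionEnded();
    error LotNotFound(uint256 lotId); // hypothetical error for the new check

    mapping(uint256 => Lot) private lots;
    uint256 public nextLot = 1; // the PoC asserts nextLot() == 1

    // Assumed helper so the sketch can open a lot.
    function createLot(uint256 duration) external returns (uint256 lotId) {
        lotId = nextLot++;
        lots[lotId].endBlock = block.number + duration;
    }

    // Lots are numbered 1 .. nextLot - 1; any other id was never created.
    modifier lotExists(uint256 lotId) {
        if (lotId == 0 || lotId >= nextLot) revert LotNotFound(lotId);
        _;
    }

    // Unchecked: an unknown lotId reads an all-zero Lot, so endBlock is 0
    // and the call reverts with the misleading AuctionEnded.
    function addBidUnchecked(uint256 lotId) external payable {
        Lot storage lot = lots[lotId];
        if (block.number > lot.endBlock) revert AuctionEnded();
        lot.bids[msg.sender] += msg.value;
    }

    // Checked: the existence test runs first and names the real problem.
    function addBid(uint256 lotId) external payable lotExists(lotId) {
        Lot storage lot = lots[lotId];
        if (block.number > lot.endBlock) revert AuctionEnded();
        lot.bids[msg.sender] += msg.value;
    }
}
```

With a check like this in place, the PoC's expectRevert would need to target the new error instead of AuctionEnded.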
Assessed type
Error