code-423n4 / 2023-06-stader-findings


Auction.sol, function addBid(), will get error revert msg if auction not exist #285

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L67
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L81
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L94
https://github.com/code-423n4/2023-06-stader/blob/eb81ff02b27c30e10b968f551ad34ea5b70876b2/contracts/Auction.sol#L107

Vulnerability details

Impact

In Auction.sol, function addBid(uint256 lotId) queries the auction by lotId. The issue is that there is no check whether the auction exists or not; if not, an error msg will be emitted. The same applies in other code that queries an auction by lotId.

Proof of Concept

Paste the code below into Auction.t.sol:


function test_ErrEmitMsg() public {
    // current auction id
    assertEq(auction.nextLot(), 1);
    // add bid to non-existent lot 2: should revert for a non-existent lot, but reverts with AuctionEnded
    vm.expectRevert(IAuction.AuctionEnded.selector);
    auction.addBid{value: 10}(2);
}

forge test --match-test test_ErrEmitMsg

Tools Used

Foundry

Recommended Mitigation Steps

Add checkExist logic.

Assessed type

Error
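
The existence check recommended in the report above, as an added sketch that is not part of the original report and is not Stader's code. MiniAuction, its storage layout (a lotId-keyed mapping whose unset endBlock reads as 0), LotDoesNotExist and the simplified bid accounting are all assumptions, chosen to show how an unknown lot can surface as AuctionEnded and how a guard on nextLot separates the two failures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Illustrative sketch only: every name and the storage layout are assumptions.
contract MiniAuction {
    error AuctionEnded();
    error LotDoesNotExist();
    error TransferFailed();

    struct Lot {
        uint256 endBlock;                  // 0 for a lot that was never created
        mapping(address => uint256) bids;  // simplified per-bidder accounting
    }

    uint256 public nextLot = 1;            // first id to be issued, as the PoC asserts
    mapping(uint256 => Lot) internal lots;

    function createLot(uint256 duration) external returns (uint256 lotId) {
        lotId = nextLot++;
        lots[lotId].endBlock = block.number + duration;
    }

    // Before: an unknown lotId reads a zeroed struct, so endBlock == 0 and the
    // call reverts with AuctionEnded, which misdescribes the failure.
    function addBidUnchecked(uint256 lotId) external payable {
        Lot storage lot = lots[lotId];
        if (block.number > lot.endBlock) revert AuctionEnded();
        lot.bids[msg.sender] += msg.value;
    }

    // After: reject ids that were never issued before reading lot state.
    function addBidChecked(uint256 lotId) external payable {
        if (lotId == 0 || lotId >= nextLot) revert LotDoesNotExist();
        Lot storage lot = lots[lotId];
        if (block.number > lot.endBlock) revert AuctionEnded();
        lot.bids[msg.sender] += msg.value;
    }

    // Lets a bidder reclaim funds so the sketch does not lock ETH.
    function withdraw(uint256 lotId) external {
        uint256 amount = lots[lotId].bids[msg.sender];
        lots[lotId].bids[msg.sender] = 0;  // zero before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }
}
```

Under these assumptions, the report's test would pass against addBidUnchecked and would need `vm.expectRevert(MiniAuction.LotDoesNotExist.selector)` against addBidChecked.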

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid