code-423n4 / 2023-06-stader-findings


bidIncrement is not bounded allows manager to DOS addBid() function in Auction.sol #301

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L153

Vulnerability details

Impact

Since the bidIncrement is not bounded, a manager can set bidIncrement to type(uint256).max in Auction.sol to create a DOS condition in the addBid() function, because it will always revert with InSufficientBid() in L71. As a result, normal users cannot place bids and the manager can use this to win an auction.

Proof of Concept

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L153

Tools Used

Manual Analysis

Recommended Mitigation Steps

Consider limiting bidIncrement to a reasonable range for the manager to set.

Assessed type

DoS
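An added example of the recommended mitigation, not part of the original report and not Stader's own code: a setter that rejects any bidIncrement outside a fixed range, so the minimum acceptable bid always stays reachable. The contract name, the bounds, the `updateBidIncrement` name and the custom errors other than `InSufficientBid` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Hypothetical contract that models only the increment check; not Stader's Auction.sol.
contract BoundedIncrementAuction {
    error InSufficientBid();
    error InvalidBidIncrement();
    error NotManager();

    // Assumed bounds; choose values that fit the auctioned asset.
    uint256 public constant MIN_BID_INCREMENT = 1e15; // 0.001 ETH
    uint256 public constant MAX_BID_INCREMENT = 1e18; // 1 ETH

    address public immutable manager;
    uint256 public bidIncrement = 5e15;
    uint256 public highestBid;
    address public highestBidder;
    mapping(address => uint256) public bids;

    event BidIncrementUpdated(uint256 bidIncrement);

    constructor() {
        manager = msg.sender;
    }

    // Bounded setter: rejects zero, dust values and type(uint256).max alike.
    function updateBidIncrement(uint256 newIncrement) external {
        if (msg.sender != manager) revert NotManager();
        if (newIncrement < MIN_BID_INCREMENT || newIncrement > MAX_BID_INCREMENT) {
            revert InvalidBidIncrement();
        }
        bidIncrement = newIncrement;
        emit BidIncrementUpdated(newIncrement);
    }

    // The threshold stays reachable because bidIncrement <= MAX_BID_INCREMENT.
    function addBid() external payable {
        uint256 total = bids[msg.sender] + msg.value;
        if (total < highestBid + bidIncrement) revert InSufficientBid();
        bids[msg.sender] = total;
        highestBid = total;
        highestBidder = msg.sender;
    }
}
```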

c4-judge commented 1 year ago

Picodes changed the severity to QA (Quality Assurance)