Lines of code
https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L151
https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L71
Vulnerability details
Impact
updateBidIncrement updates the main bidIncrement value used for every auction. When it is triggered, it will cause unbalanced auctions for customers.
In the code below, the contract adds bidIncrement to the highest bid and compares the result to totalUserBid. Once a bid has been placed, the manager could change bidIncrement and cause an unbalanced result. For example, the manager could enter a big amount to block other new bidders from entering the auction.
if (totalUserBid < lotItem.highestBidAmount + bidIncrement) revert InSufficientBid();
Tools Used
Manual review
Recommended Mitigation Steps
Either the bidIncrement amount should be stored in the lotItem struct, like:
and this value should be used for the check in the addBid function, like:
or the updateBidIncrement function must check all ongoing bids.
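One way to implement the first option, as an added sketch that is not the Stader contract or the reporter's own code: each lot snapshots bidIncrement when it is created, so updateBidIncrement only affects lots created afterwards. The names createLot, manager, nextLot, lotBidIncrement, NotManager and AuctionEnded are assumptions, and withdrawal and settlement are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added example: simplified sketch, not the project's Auction.sol.
contract AuctionSketch {
    error InSufficientBid();
    error NotManager();   // hypothetical
    error AuctionEnded(); // hypothetical

    struct LotItem {
        uint256 endBlock;
        uint256 bidIncrement; // snapshot taken when the lot is created
        address highestBidder;
        uint256 highestBidAmount;
        mapping(address => uint256) bids;
    }

    address public immutable manager; // hypothetical access control
    uint256 public bidIncrement;      // default applied to future lots only
    uint256 public nextLot;
    mapping(uint256 => LotItem) private lots;

    constructor(uint256 initialIncrement) {
        manager = msg.sender;
        bidIncrement = initialIncrement;
    }

    function createLot(uint256 durationBlocks) external returns (uint256 lotId) {
        lotId = nextLot++;
        LotItem storage lotItem = lots[lotId];
        lotItem.endBlock = block.number + durationBlocks;
        lotItem.bidIncrement = bidIncrement; // freeze the rule for this lot
    }

    function updateBidIncrement(uint256 newIncrement) external {
        if (msg.sender != manager) revert NotManager();
        bidIncrement = newIncrement; // running lots keep their own snapshot
    }

    function addBid(uint256 lotId) external payable {
        LotItem storage lotItem = lots[lotId];
        if (block.number > lotItem.endBlock) revert AuctionEnded();
        uint256 totalUserBid = lotItem.bids[msg.sender] + msg.value;
        // Compare against the per-lot snapshot, not the mutable global value.
        if (totalUserBid < lotItem.highestBidAmount + lotItem.bidIncrement) revert InSufficientBid();
        lotItem.bids[msg.sender] = totalUserBid;
        lotItem.highestBidder = msg.sender;
        lotItem.highestBidAmount = totalUserBid;
    }

    function lotBidIncrement(uint256 lotId) external view returns (uint256) {
        return lots[lotId].bidIncrement;
    }
}
```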
Assessed type
Other