code-423n4 / 2023-06-stader-findings


Bidders are able to outbid the highest bidder by matching their highest bid if `Auction.bidIncrement` is set to zero #410

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L151-L155
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L71

Vulnerability details

Impact

If the Auction.updateBidIncrement() function is invoked with zero as _bidIncrement (possibly because of a human error), it sets Auction.bidIncrement to zero, allowing anyone to outbid the highest bidder of a certain lot by simply matching their bid, causing lots to be unfair.

Recommended Mitigation Steps

Define a minimum possible value for Auction.bidIncrement, and revert in Auction.updateBidIncrement() if _bidIncrement is lower than this minimum.

Assessed type

Invalid Validation
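As an added illustration (not the Stader Auction.sol and not code from the finding's author), a hypothetical minimal lot auction that shows how a bid check of the shape `msg.value < highestBid + bidIncrement` degrades to accepting a tie when bidIncrement is zero, and the lower bound in updateBidIncrement() that the mitigation above proposes. MIN_BID_INCREMENT (and its value), manager, lots, pendingReturns and the error names are assumed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical minimal lot auction modelled on the finding; not the Stader contract.
/// Shows the bid check that turns into "match the leader" when bidIncrement is 0,
/// and the floor on updateBidIncrement() that the recommended mitigation describes.
contract MinIncrementAuction {
    uint256 public constant MIN_BID_INCREMENT = 0.001 ether; // assumed floor value
    uint256 public bidIncrement;
    address public immutable manager;

    struct Lot { uint256 highestBid; address highestBidder; }
    mapping(uint256 => Lot) public lots;
    mapping(address => uint256) public pendingReturns; // pull refunds; withdraw() omitted here
    error NotManager();
    error BidIncrementTooLow(uint256 given, uint256 minimum);
    error InsufficientBid(uint256 given, uint256 required);
    event BidIncrementUpdated(uint256 newIncrement); // lets monitoring flag config changes

    constructor(uint256 _bidIncrement) {
        manager = msg.sender;
        _setBidIncrement(_bidIncrement);
    }

    modifier onlyManager() {
        if (msg.sender != manager) revert NotManager();
        _;
    }
    // Vulnerable shape (for comparison): `bidIncrement = _bidIncrement;` with no lower bound,
    // so a mistaken call with 0 lets any later bid equal to the leader's take the lot.
    function updateBidIncrement(uint256 _bidIncrement) external onlyManager {
        _setBidIncrement(_bidIncrement); // hardened: the floor is enforced
    }

    function _setBidIncrement(uint256 _bidIncrement) internal {
        if (_bidIncrement < MIN_BID_INCREMENT) revert BidIncrementTooLow(_bidIncrement, MIN_BID_INCREMENT);
        bidIncrement = _bidIncrement;
        emit BidIncrementUpdated(_bidIncrement);
    }

    function addBid(uint256 lotId) external payable {
        Lot storage lot = lots[lotId];
        // `required` strictly exceeds the current leader only while bidIncrement > 0.
        uint256 required = lot.highestBid + bidIncrement;
        if (msg.value < required) revert InsufficientBid(msg.value, required);
        if (lot.highestBidder != address(0)) pendingReturns[lot.highestBidder] += lot.highestBid;
        lot.highestBid = msg.value;
        lot.highestBidder = msg.sender;
    }
}
```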

c4-judge commented 1 year ago

Picodes changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

Picodes marked the issue as grade-c

c4-judge commented 1 year ago

Picodes marked the issue as grade-b