Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L151-L155
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/Auction.sol#L71

Vulnerability details

Impact
If the Auction.updateBidIncrement() function is invoked with zero as _bidIncrement (possibly because of a human error), it sets Auction.bidIncrement to zero. A bid only has to exceed the current highest bid plus bidIncrement, so with an increment of zero anyone can outbid the highest bidder of a lot by simply matching their bid, which makes the lots unfair.

Recommended Mitigation Steps
Define a minimum possible value for Auction.bidIncrement, and revert in Auction.updateBidIncrement() if _bidIncrement is lower than this minimum.

Assessed type
Invalid Validation
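The following contract is an added illustration written for this page; it is not Stader's Auction.sol and the names MIN_BID_INCREMENT, manager, BidIncrementTooLow and pendingRefunds are assumptions. It shows, side by side, why the bid check degrades when bidIncrement is zero (an equal bid passes and displaces the leader) and the minimum-value guard the mitigation describes, applied both in the constructor and in updateBidIncrement() so the setter cannot be misused to reach zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.16;

/// Minimal auction modelled after the pattern discussed in the finding.
/// Hypothetical names throughout; this is not the audited contract.
contract MinimalAuction {
    // Hypothetical floor for the increment (0.001 ETH). The exact value is a
    // protocol decision; the point is that zero can never be stored.
    uint256 public constant MIN_BID_INCREMENT = 1e15;

    uint256 public bidIncrement;
    address public immutable manager;

    struct LotItem {
        uint256 highestBidAmount;
        address highestBidder;
    }

    mapping(uint256 => LotItem) public lots;
    // Pull-payment refunds for outbid bidders (avoids reentrancy on refund).
    mapping(address => uint256) public pendingRefunds;

    error NotManager();
    error InsufficientETH();
    error BidIncrementTooLow(uint256 provided, uint256 minimum);

    event BidIncrementUpdated(uint256 bidIncrement);

    constructor(uint256 _bidIncrement) {
        manager = msg.sender;
        _setBidIncrement(_bidIncrement);
    }

    /// Mitigated setter: the same lower-bound check guards every write path.
    function updateBidIncrement(uint256 _bidIncrement) external {
        if (msg.sender != manager) revert NotManager();
        _setBidIncrement(_bidIncrement);
    }

    function _setBidIncrement(uint256 _bidIncrement) internal {
        // Without this check a zero (or dust) increment would be accepted.
        if (_bidIncrement < MIN_BID_INCREMENT) {
            revert BidIncrementTooLow(_bidIncrement, MIN_BID_INCREMENT);
        }
        bidIncrement = _bidIncrement;
        emit BidIncrementUpdated(_bidIncrement);
    }

    function addBid(uint256 lotId) external payable {
        LotItem storage lot = lots[lotId];

        // This is the check that breaks when bidIncrement == 0: it collapses to
        // `msg.value < lot.highestBidAmount`, so a bid equal to the current
        // highest bid is accepted and takes the lead. With a positive increment
        // enforced above, a new bid must strictly exceed the leader.
        if (msg.value < lot.highestBidAmount + bidIncrement) revert InsufficientETH();

        // Credit the displaced bidder before updating state.
        if (lot.highestBidder != address(0)) {
            pendingRefunds[lot.highestBidder] += lot.highestBidAmount;
        }
        lot.highestBidAmount = msg.value;
        lot.highestBidder = msg.sender;
    }

    function withdrawRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        pendingRefunds[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }
}
```

A quick way to confirm the mitigation in a test suite is to call updateBidIncrement(0) from the manager and expect BidIncrementTooLow, then place two equal bids on one lot and expect the second to revert with InsufficientETH; in the unmitigated variant the second bid succeeds and the first bidder is silently displaced.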