Closed c4-submissions closed 7 months ago
141345 marked the issue as insufficient quality report
the if check has multiple conditions, other bids won't == true
The core rationale is a duplicate of #1984 albeit describing that the NFT transfer would fail rather than the contract would be drained.
alex-ppg marked the issue as duplicate of #1984
alex-ppg marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L104
Vulnerability details
Impact
In the claimAuction function, used to claim bids after a successful auction, it is seen that the looping in the function used to return the asset to the user and refund the other bidders is not well done. A situation arises where, if the highest bidder has placed many bids, claimAuction will always fail, leaving the funds of all bidders, including the other bidders, stuck.
Proof of Concept
We're walking through this function here:

```solidity
if (auctionInfoData[_tokenid][i].bidder == highestBidder && auctionInfoData[_tokenid][i].bid == highestBid && auctionInfoData[_tokenid][i].status == true) {
    IERC721(gencore).safeTransferFrom(ownerOfToken, highestBidder, _tokenid);
```

inside the loop, meaning there will be multiple attempts to send the NFT from the original owner to the highestBidder. The first attempt will succeed, but on further attempts, due to the multiple bids, the new ownerOfToken should be the highestBidder but is still assumed to be the former owner; the function will still attempt to resend the same token and cause a revert.
Tools Used
Manual Review
Recommended Mitigation Steps
Assessed type
ERC721
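As an added illustration of the triage comment above (not code from the submission or from the NextGen repository), the following Python model replays the quoted loop over a constructed bid list. It assumes, as the triage comment does, that a bidder's repeated bids carry strictly increasing amounts, so only one record matches all three conditions; the model also shows what the loop would do if two records shared the highest bidder and amount.

```python
# Added model of the claimAuction loop quoted in the report (assumption: a new
# bid is only accepted when it is strictly higher than the current highest bid).
from dataclasses import dataclass


@dataclass
class Bid:
    bidder: str
    bid: int
    status: bool = True  # True while the bid has not been cancelled


def highest(bids):
    """Return (bidder, amount) of the highest active bid, as the contract's
    highestBidder / highestBid lookups would."""
    best = None
    for b in bids:
        if b.status and (best is None or b.bid > best.bid):
            best = b
    return (best.bidder, best.bid) if best else (None, 0)


def claim_auction(bids):
    """Walk every bid once and classify it the way the quoted loop does.
    Returns (number of NFT transfers attempted, list of refunded (bidder, amount))."""
    highest_bidder, highest_bid = highest(bids)
    transfers = 0
    refunds = []
    for b in bids:
        # The quoted branch: bidder, amount AND status must all match.
        if b.bidder == highest_bidder and b.bid == highest_bid and b.status:
            transfers += 1  # models IERC721.safeTransferFrom(ownerOfToken, highestBidder, _tokenid)
        elif b.status:
            refunds.append((b.bidder, b.bid))  # losing active bid is refunded
    return transfers, refunds


if __name__ == "__main__":
    # Constructed sample: alice bids three times, bob once, each bid higher than the last.
    sample = [Bid("alice", 1), Bid("bob", 2), Bid("alice", 3), Bid("alice", 5)]
    print(claim_auction(sample))  # (1, [('alice', 1), ('bob', 2), ('alice', 3)])
    # Only if two records shared the highest bidder and amount would the
    # transfer branch fire twice; the strictly-higher rule rules that out.
    print(claim_auction([Bid("alice", 5), Bid("alice", 5)]))  # (2, [])
```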