c4-submissions commented 7 months ago

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L104-L120

Vulnerability details

Impact

Bidders funds will get stuck

Proof of Concept

After Auction winner claims token, his/her status is not set to false so he is eligible for a refund because the refund logic checks for all indexes with status set to true, which not supposed to be so. So the refund transaction will not be successful because the funds to be refunded are less than the amount of users that are eligible to receive a refund. And users cannot cancel bid because Auction is over, so the function wont work

function cancelBid(uint256 _tokenid, uint256 index) public { require( block.timestamp <= minter.getAuctionEndTime(_tokenid), "Auction ended"

function cancelAllBids(uint256 _tokenid) public { require( block.timestamp <= minter.getAuctionEndTime(_tokenid), "Auction ended" );

The claim/refund function is in the link description

Tools Used

Manual Review

Recommended Mitigation Steps

Add a line of code that sets that Auctionwinner bid index to false.

Assessed type

Other

c4-pre-sort commented 7 months ago

141345 marked the issue as primary issue

c4-pre-sort commented 7 months ago

141345 marked the issue as duplicate of #1172

c4-judge commented 7 months ago

alex-ppg marked the issue as not a duplicate

alex-ppg commented 7 months ago

The Warden specifies a potential issue in the way bids are eligible to be canceled after the claimAuction function is executed, however, they fail to properly articulate how or why.