AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be `>` instead of `>=`.

[c4-submissions]

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/a6f2397b68ef2865374c1bf7629349f25e71a44d/smart-contracts/AuctionDemo.sol#L105

Vulnerability details

Impact

• Would enable the winning bidder/bid to be selected WHILE it's still possible to bid (higher) in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet.
• there's the risk of the true/valid highest bidder not getting the NF

Proof of Concept

If it's still unclear, let me clarify from a different perspective: Auction duration is from 0 to 10, lets say. We can only select auction winner AFTER the auction (duration). This means > 10, NOT >= 10. If we wanted to make 10 valid for auction winner selection, then we would need to make auction duration from 0 to 9, where the auction ends at 9. Now we can have >= 10 which is logically correct.

Tools Used

VSC. Manual.

Recommended Mitigation Steps

- require(block.timestamp >= minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);
+ require(block.timestamp > minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);

Assessed type

Other

[code423n4]

Withdrawn by 0xSmartContractSamurai