c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L58

Vulnerability details

Impact

Auction can be won with a difference of 1 wei which could results to unfair and spammy auctions.

Proof of Concept

Auctions does not provide a minimum bid amount. it allows anyone to bid as little as they can, this opens up space for MEV to win auctions with as little as 1 wei difference.

function participateToAuction(uint256 _tokenid) public payable {//@audit users can win action by frontrunning with 1 wei
@>      require(msg.value > returnHighestBid(_tokenid) && block.timestamp <= minter.getAuctionEndTime(_tokenid) && minter.getAuctionStatus(_tokenid) == true);
        auctionInfoStru memory newBid = auctionInfoStru(msg.sender, msg.value, true);
        auctionInfoData[_tokenid].push(newBid);
    }

The issue with this setting is that MEV bot could wait through getAuctionEndTime and bid with an amount greater than the higher bidder with 1 wei and win the auction. This could also results to lot of spam bids since bidders could bid within arbitrary range pushing more info into auctionInfoData array.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider adding a min bid amount.

function participateToAuction(uint256 _tokenid) public payable {
-      require(msg.value > returnHighestBid(_tokenid) && block.timestamp <= minter.getAuctionEndTime(_tokenid) && minter.getAuctionStatus(_tokenid) == true);
+      require(msg.value + MIN_Bid > returnHighestBid(_tokenid) && block.timestamp <= minter.getAuctionEndTime(_tokenid) && minter.getAuctionStatus(_tokenid) == true);
        auctionInfoStru memory newBid = auctionInfoStru(msg.sender, msg.value, true);
        auctionInfoData[_tokenid].push(newBid);
    }

Assessed type

Context