code-423n4 / 2023-12-revolutionprotocol-findings


Input Validation for 'createBid' Function #727

Closed c4-bot-2 closed 8 months ago

c4-bot-2 commented 8 months ago

Lines of code

https://github.com/code-423n4/2023-12-revolutionprotocol/blob/d42cc62b873a1b2b44f57310f9d4bbfdd875e8d6/packages/revolution/src/AuctionHouse.sol#L171

Vulnerability details

Potential Risk: The 'createBid' function in the contract is responsible for allowing users to place bids on a Verb auction by sending Ether. While the function includes several checks, it lacks explicit input validation for certain parameters, which could lead to potential issues if the provided parameters are not valid or expected.

Proof of Concept (PoC): Consider a scenario where a malicious user calls the 'createBid' function with invalid input parameters:

    // Invalid input: Zero address for 'bidder'
    createBid(123, address(0));

In this PoC, the 'createBid' function is called with a zero address for 'bidder.' The lack of input validation checks allows this invalid value to be accepted during the bid creation process, potentially causing runtime errors or issues in the contract.

Recommended Mitigation Steps: To enhance input validation in the 'createBid' function and mitigate potential risks, consider adding input validation checks for the following conditions:

  1. Ensure that 'bidder' is a valid non-zero Ethereum address.

Here's a recommended solution:

function createBid(uint256 verbId, address bidder) external payable override nonReentrant {
    IAuctionHouse.Auction memory _auction = auction;

    require(bidder != address(0), "Bidder cannot be a zero address");
    require(_auction.verbId == verbId, "Verb not up for auction");
    require(block.timestamp < _auction.endTime, "Auction expired");
    require(msg.value >= reservePrice, "Must send at least reservePrice");
    require(
        msg.value >= _auction.amount + ((_auction.amount * minBidIncrementPercentage) / 100),
        "Must send more than the last bid by minBidIncrementPercentage amount"
    );

    address payable lastBidder = _auction.bidder;

    auction.amount = msg.value;
    auction.bidder = payable(bidder);

    // Extend the auction if the bid was received within 'timeBuffer' of the auction end time
    bool extended = _auction.endTime - block.timestamp < timeBuffer;
    if (extended) auction.endTime = _auction.endTime = block.timestamp + timeBuffer;

    // Refund the last bidder, if applicable
    if (lastBidder != address(0)) _safeTransferETHWithFallback(lastBidder, _auction.amount);

    emit AuctionBid(_auction.verbId, bidder, msg.sender, msg.value, extended);

    if (extended) emit AuctionExtended(_auction.verbId, _auction.endTime);
}

In this solution:

By implementing this solution, you can reduce the risk of issues related to invalid or unexpected input parameters when users create bids.

Assessed type

Invalid Validation
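An added example, not part of the original report or the project's code: a Python model of the createBid logic quoted above, run with and without the zero-address check, showing that the quoted refund guard skips a previous bidder recorded as address(0). It omits the time-buffer extension and events; the `AuctionModel` class, the `outbid_scenario` helper, the amounts and the second bidder address are constructed for illustration.

```python
ZERO = "0x" + "00" * 20  # stands in for address(0)


class Revert(Exception):
    """Models a failed require()."""


class AuctionModel:
    """Model of the quoted createBid checks and refund step (assumed simplification)."""

    def __init__(self, verb_id, end_time, reserve_price, min_inc_pct, check_zero_bidder):
        self.verb_id, self.end_time = verb_id, end_time
        self.reserve_price, self.min_inc_pct = reserve_price, min_inc_pct
        self.check_zero_bidder = check_zero_bidder
        self.amount, self.bidder = 0, ZERO
        self.refunds = []  # (recipient, wei) pairs standing in for _safeTransferETHWithFallback

    def create_bid(self, verb_id, bidder, value, now):
        if self.check_zero_bidder and bidder == ZERO:
            raise Revert("Bidder cannot be a zero address")
        if verb_id != self.verb_id:
            raise Revert("Verb not up for auction")
        if now >= self.end_time:
            raise Revert("Auction expired")
        if value < self.reserve_price:
            raise Revert("Must send at least reservePrice")
        if value < self.amount + (self.amount * self.min_inc_pct) // 100:
            raise Revert("Must send more than the last bid by minBidIncrementPercentage amount")
        last_bidder, last_amount = self.bidder, self.amount
        self.amount, self.bidder = value, bidder
        if last_bidder != ZERO:  # same guard as the quoted refund line
            self.refunds.append((last_bidder, last_amount))


def outbid_scenario(first_bidder, check_zero_bidder):
    """Constructed scenario: first_bidder bids 100 wei, then another address bids 200 wei."""
    a = AuctionModel(123, end_time=1_000, reserve_price=10, min_inc_pct=5,
                     check_zero_bidder=check_zero_bidder)
    try:
        a.create_bid(123, first_bidder, 100, now=1)
    except Revert as e:
        return str(e), a.refunds
    a.create_bid(123, "0x" + "11" * 20, 200, now=2)
    return "accepted", a.refunds
```
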

c4-pre-sort commented 8 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 8 months ago

raymondfam marked the issue as duplicate of #688

c4-judge commented 8 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient proof