code-423n4 / 2024-05-gondi-mitigation-findings


M-11 MitigationConfirmed #76

Open c4-bot-7 opened 3 months ago

c4-bot-7 commented 3 months ago

Lines of code

Vulnerability details

Issue

The liquidation auction will change the auction hash after every bid. Also, it does not have a limit on the minBid amount. An attacker could spam placeBid() with low amounts (1 wei -> 2 wei -> 3 wei), and other users cannot place any bid.

Mitigation

The implemented minBid significantly increases the cost for the attacker.

- if (_bid == 0 || (_auction.highestBid.mulDivDown(_BPS + MIN_INCREMENT_BPS, _BPS) >= _bid)) {
+ if ((_bid < _auction.minBid) || (_auction.highestBid.mulDivDown(_BPS + MIN_INCREMENT_BPS, _BPS) >= _bid)) {
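
Review bot: the new first clause, `_bid < _auction.minBid`, only bounds bids when `_auction.minBid` holds a meaningful non-zero value, and nothing in these two lines shows where it is assigned or validated. If `minBid` is 0 the condition reduces to the second clause alone, and because `mulDivDown` rounds down, a `highestBid` of a few wei can produce a threshold equal to `highestBid` itself, so a bid only 1 wei higher passes again. Suggest enforcing a non-zero floor on `minBid` where the auction is created, and adding tests that place a bid of exactly `minBid` (accepted as a first bid) and one just below it (reverted). Style: the inner parentheses around `_bid < _auction.minBid` are redundant.
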
c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory