initiator in createAuction can be set to address(0)
Summary
Address(0) is not checked for the initiator parameter in createAuction, which means that people can bid in an auction that is governed by address(0) or an address(0) can win the auction.
Vulnerability Detail
Since createAuction() has an external visibility modifier and not internal, it does not check whether the Auction exist, unlike auctionVault() in CollateralToken.sol which calls createAuction(). An authorized user can createAuction by directly calling createAuction() and continue the bidding process without knowing that address(0) is set.
Impact
Bidders might lose their bid because Auction doesn't exist or NFT can be won by address(0) if there is no bidding.
peanuts
unlabeled
initiator in createAuction can be set to address(0)
Summary
Address(0) is not checked for the initiator parameter in createAuction, which means that people can bid in an auction that is governed by address(0) or an address(0) can win the auction.
Vulnerability Detail
Since createAuction() has an external visibility modifier and not internal, it does not check whether the Auction exist, unlike auctionVault() in CollateralToken.sol which calls createAuction(). An authorized user can createAuction by directly calling createAuction() and continue the bidding process without knowing that address(0) is set.
Impact
Bidders might lose their bid because Auction doesn't exist or NFT can be won by address(0) if there is no bidding.
Code Snippet
Tool used
Manual Review
Recommendation
Set createAuction() to be internal or add
in the createAuction() function.
Also add in AuctionExist check in createBid() to make sure that the Auction exists by changing
to