Closed sherlock-admin closed 2 years ago
Picodes
unlabeled
AuctionHouse
createBid
In createBid, the incorrect amount is transferred from the bidder.
At this line: https://github.com/sherlock-audit/2022-10-astaria/blob/main/lib/astaria-gpl/src/AuctionHouse.sol#L118
It should be amount instead of vaultPayment.
amount
vaultPayment
Anyone can extract funds by creating 2 successive bids to get reimbursed a larger amount that what has been paid.
Manual Review
Picodes
unlabeled
AuctionHouse-createBid: incorrect amount transferredSummary
In
createBid, the incorrect amount is transferred from the bidder.Vulnerability Detail
At this line: https://github.com/sherlock-audit/2022-10-astaria/blob/main/lib/astaria-gpl/src/AuctionHouse.sol#L118
It should be
amountinstead ofvaultPayment.Impact
Anyone can extract funds by creating 2 successive bids to get reimbursed a larger amount that what has been paid.
Tool used
Manual Review