Closed sherlock-admin2 closed 8 months ago
zzykxx
medium
tokenId
An auction of an NFT with tokenId equal to 0 can start earlier than expected.
An auction can incorrectly start without an offset even if an offset has been set if the auctioned NFT has tokenId equal to 0. This happens when:
l.tokenInitialPeriodStartTime[0]
When these two conditions are met the function _auctionStartTime will calculate the auction start time as:
auctionStartTime = initialPeriodStartTime + (tokenId * initialPeriodStartTimeOffset);
If tokenId is 0 the offset gets cancelled, making the auction start immediately instead of the correct time.
0
In some scenarios an auction can start earlier than expected.
Manual Review
In _auctionStartTime calculate the start of an auction by adding 1 to the tokenID:
1
If any tokenId needs to be supported also add a check to make sure the addition doesn't revert in case tokenId is equal to type(uint256).max.
type(uint256).max
zzykxx
medium
An auction of an NFT with
tokenIdequal to 0 can start earlier than expectedSummary
An auction of an NFT with
tokenIdequal to 0 can start earlier than expected.Vulnerability Detail
An auction can incorrectly start without an offset even if an offset has been set if the auctioned NFT has
tokenIdequal to 0. This happens when:l.tokenInitialPeriodStartTime[0]has been set to 0When these two conditions are met the function _auctionStartTime will calculate the auction start time as:
If
tokenIdis0the offset gets cancelled, making the auction start immediately instead of the correct time.Impact
In some scenarios an auction can start earlier than expected.
Code Snippet
Tool used
Manual Review
Recommendation
In _auctionStartTime calculate the start of an auction by adding
1to the tokenID:If any
tokenIdneeds to be supported also add a check to make sure the addition doesn't revert in casetokenIdis equal totype(uint256).max.