The first auction round of a NFT may start in the past in some scenarios
Summary
In some scenarios the first auction round of a NFT can start in the past, leading to the NFT being transferred to the reposessor.
Vulnerability Detail
The first auction round of NFTs with the variable l.tokenInitialPeriodStartTime[tokenId] set to 0 will always start at the standard l.initialPeriodStartTime as can be seen here:
Let's suppose the protocol has been deployed for a while: l.initialPeriodStartTime is set to 2 months ago and an auction length is 2 weeks.
A new token is added to the collection with tokenInitialPeriodStartTime set to 0. As soon as the token gets added the auction is over and closeAuction() needs to be called, which will transfer the NFT to the repossessor. At this point it's necessary to wait licensePeriod seconds before it's possible to start the second round of auction.
Impact
In some scenarios the first round of auction of an NFT will not happen. This will require a call to closeAuction() to move the auction to the following round. Because there are no bidders, this will result in the NFT being sent to the reposessor, which will have it in license for an extra licensePeriod before a new auction round begins, potentially damaging the artist revenue.
Code Snippet
Tool used
Manual Review
Recommendation
In _auctionStartTime retrieve the timestamp at which the NFT was added to the collection and make sure the starting time is no lower than that.
zzykxx
medium
The first auction round of a NFT may start in the past in some scenarios
Summary
In some scenarios the first auction round of a NFT can start in the past, leading to the NFT being transferred to the
reposessor.Vulnerability Detail
The first auction round of NFTs with the variable
l.tokenInitialPeriodStartTime[tokenId]set to0will always start at the standardl.initialPeriodStartTimeas can be seen here:Let's suppose the protocol has been deployed for a while:
l.initialPeriodStartTimeis set to 2 months ago and an auction length is 2 weeks. A new token is added to the collection withtokenInitialPeriodStartTimeset to0. As soon as the token gets added the auction is over and closeAuction() needs to be called, which will transfer the NFT to therepossessor. At this point it's necessary to waitlicensePeriodseconds before it's possible to start the second round of auction.Impact
In some scenarios the first round of auction of an NFT will not happen. This will require a call to closeAuction() to move the auction to the following round. Because there are no bidders, this will result in the NFT being sent to the
reposessor, which will have it in license for an extralicensePeriodbefore a new auction round begins, potentially damaging the artist revenue.Code Snippet
Tool used
Manual Review
Recommendation
In _auctionStartTime retrieve the timestamp at which the NFT was added to the collection and make sure the starting time is no lower than that.
Duplicate of #28