search

sherlock-audit / 2024-02-radicalxchange-judging

3 stars 1 forks source link

DenTonylifer - Highest bidder can cancel his bid #85

Closed sherlock-admin3 closed 8 months ago

sherlock-admin3 commented 8 months ago

DenTonylifer

high

Highest bidder can cancel his bid

Summary

Highest bidder can cancel his bid, withdraw collateral and win the round.

Vulnerability Detail

Documentation says: "Only bids that are no longer the highest bid can be canceled and their associated collateral withdrawn". But highest bidder can cancel his bid, using _cancelAllBids function and withdraw his collateral. At the same time, he will remain in the array as the highest bidder, and if there are no bids after him, then he will win the round. His collateral will be split between old Steward and Creator Circle, and this will lead to a loss of contract's funds.

Impact

Highest bidder unfairly wins the auction and receives token for free.

Code Snippet

[https://github.com/sherlock-audit/2024-02-radicalxchange/blob/main/pco-art/contracts/auction/EnglishPeriodicAuctionInternal.sol#L416-L434]()

Tool used

Manual Review

Recommendation

for (uint256 i = 0; i <= currentAuctionRound; i++) {
            Bid storage bid = l.bids[tokenId][i][bidder];

-            if (bid.collateralAmount > 0) {
+            if (bid.collateralAmount > 0 && bidder != l.highestBids[tokenId][i].bidder) {
                // Make collateral available to withdraw
                l.availableCollateral[bidder] += bid.collateralAmount;

                // Reset collateral and bid
                bid.collateralAmount = 0;
                bid.bidAmount = 0;
            }
        }

Duplicate of #14