There is no recipient in the struct as stated in the natspec
/// @notice Parameters used by the bid function
/// @dev This reduces the number of variables in scope for the bid function
///
/// @param lotId Lot ID
// @audit-med there is no recipient address in this struct
@=> /// @param recipient Address to receive payout
/// @param referrer Address of referrer
/// @param amount Amount of quoteToken to purchase with (in native decimals)
/// @param auctionData Custom data used by the auction module
/// @param permit2Data_ Permit2 approval for the quoteToken (abi-encoded Permit2Approval struct)
struct BidParams {
uint96 lotId;
address referrer;
uint96 amount;
bytes auctionData;
bytes permit2Data;
}
Missing definitions in the natspec, such as minPrice, minFilled and minBidSize
/// @notice Struct containing auction-specific data
///
//@audit-med natspec lack of information
/// @param status The status of the auction
/// @param nextBidId The ID of the next bid to be submitted
/// @param nextDecryptIndex The index of the next bid to decrypt
/// @param marginalPrice The marginal price of the auction (determined at settlement, blank before)
/// @param publicKey The public key used to encrypt bids (a point on the alt_bn128 curve from the generator point (1,2))
/// @param privateKey The private key used to decrypt bids (not provided until after the auction ends)
/// @param bidIds The list of bid IDs to decrypt in order of submission, excluding cancelled bids
struct AuctionData {
uint64 nextBidId; // 8 +
uint96 marginalPrice; // 12 +
uint96 minPrice; // 12 = 32 - end of slot 1
uint64 nextDecryptIndex; //q whats the difference between this and the nextBidId.
uint96 minFilled; // 12 +
uint96 minBidSize; //q is this the minimum amount to place a bid with.
Auction.Status status; // 1 +
uint64 marginalBidId; // 8 = 9 - end of slot 3
Point publicKey; // 64 - slots 4 and 5
uint256 privateKey; // 32 - slot 6
uint64[] bidIds; // slots 7+
}
web3tycoon
medium
Natspec Issues
Summary
This finding is highly encouraged by this finding https://solodit.xyz/issues/various-natspec-issues-openzeppelin-instadapp-audit-markdown
Vulnerability Detail
Impact
Code Snippet
https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/modules/auctions/EMPAM.sol#L69 https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/AuctionHouse.sol#L55
Tool used
Manual Review
Recommendation
Refactor the Structs to make them match, the structs