search

sherlock-audit / 2024-03-axis-finance-judging

1 stars 0 forks source link

web3tycoon - Natspec Issues #210

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 6 months ago

web3tycoon

medium

Natspec Issues

Summary

This finding is highly encouraged by this finding https://solodit.xyz/issues/various-natspec-issues-openzeppelin-instadapp-audit-markdown

Vulnerability Detail

  1. There is no recipient in the struct as stated in the natspec 
     /// @notice     Parameters used by the bid function
/// @dev        This reduces the number of variables in scope for the bid function
///
/// @param      lotId               Lot ID
// @audit-med there is no recipient address in this struct
@=>    /// @param      recipient           Address to receive payout
/// @param      referrer            Address of referrer
/// @param      amount              Amount of quoteToken to purchase with (in native decimals)
/// @param      auctionData         Custom data used by the auction module
/// @param      permit2Data_        Permit2 approval for the quoteToken (abi-encoded Permit2Approval struct)
struct BidParams {
    uint96 lotId;
    address referrer;
    uint96 amount;
    bytes auctionData;
    bytes permit2Data;
}
  2. Missing definitions in the natspec, such as minPrice, minFilled and minBidSize 
    /// @notice        Struct containing auction-specific data
///
//@audit-med natspec lack of information
/// @param         status              The status of the auction
/// @param         nextBidId           The ID of the next bid to be submitted
/// @param         nextDecryptIndex    The index of the next bid to decrypt
/// @param         marginalPrice       The marginal price of the auction (determined at settlement, blank before)
/// @param         publicKey           The public key used to encrypt bids (a point on the alt_bn128 curve from the generator point (1,2))
/// @param         privateKey          The private key used to decrypt bids (not provided until after the auction ends)
/// @param         bidIds              The list of bid IDs to decrypt in order of submission, excluding cancelled bids
struct AuctionData {
    uint64 nextBidId; // 8 +
    uint96 marginalPrice; // 12 +
    uint96 minPrice; // 12 = 32 - end of slot 1
    uint64 nextDecryptIndex; //q whats the difference between this and the nextBidId.
    uint96 minFilled; // 12 +
    uint96 minBidSize; //q is this the minimum amount to place a bid with.
    Auction.Status status; // 1 +
    uint64 marginalBidId; // 8 = 9 - end of slot 3
    Point publicKey; // 64 - slots 4 and 5
    uint256 privateKey; // 32 - slot 6
    uint64[] bidIds; // slots 7+
}

    Impact

Code Snippet

https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/modules/auctions/EMPAM.sol#L69 https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/AuctionHouse.sol#L55

Tool used

Manual Review

Recommendation

Refactor the Structs to make them match, the structs

nevillehuang commented 5 months ago

Invalid, documentation error, at most informational, duplicate of #1