sherlock-audit / 2024-03-nouns-dao-2-judging


bareli - Bids can go on to infinity as we can use createBid to add a bid in the buffer time. #43

Closed. sherlock-admin2 closed this issue 4 months ago.

sherlock-admin2 commented 4 months ago

bareli

medium

Bids can go on to infinity as we can use createBid to add a bid in the buffer time.

Summary

Bids can go on to infinity as we can use createBid to add a bid in the buffer time.

Vulnerability Detail

```solidity
function createBid(uint256 nounId) external payable override nonReentrant {
    INounsAuctionHouse.Auction memory _auction = auction;

    require(_auction.nounId == nounId, 'Noun not up for auction');
    require(block.timestamp < _auction.endTime, 'Auction expired');
    require(msg.value >= reservePrice, 'Must send at least reservePrice');
    require(
        msg.value >= _auction.amount + ((_auction.amount * minBidIncrementPercentage) / 100),
        'Must send more than last bid by minBidIncrementPercentage amount'
    );

    address payable lastBidder = _auction.bidder;

    // Refund the last bidder, if applicable
    if (lastBidder != address(0)) {
        _safeTransferETHWithFallback(lastBidder, _auction.amount);
    }

    auction.amount = msg.value;
    auction.bidder = payable(msg.sender);

    // Extend the auction if the bid was received within `timeBuffer` of the auction end time
@>  bool extended = _auction.endTime - block.timestamp < timeBuffer;
    if (extended) {
@>      auction.endTime = _auction.endTime = block.timestamp + timeBuffer;
    }

    emit AuctionBid(_auction.nounId, msg.sender, msg.value, extended);

    if (extended) {
        emit AuctionExtended(_auction.nounId, _auction.endTime);
    }
}
```

Impact

Bids can go on to infinity as we can use createBid to add a bid in the buffer time.

Code Snippet

https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHouse.sol#L128

Tool used

Manual Review

Recommendation

Use a mapping so that the same old address cannot be used again in the buffer time.

sherlock-admin4 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

It seems to be a quite high-cost attack since it can only be done at the end of the auction; the attacker has to bid higher every time; therefore, it seems to be a valid low/info.
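The following Python model is an added illustration, not code from the report, the judge, or the Nouns repository. It mirrors the checks and the `timeBuffer` extension rule of `createBid()` quoted above and then measures what a run of last-second minimum bids costs and how far it pushes `endTime`, which is the point WangAudit's comment makes: every extension requires a bid at least `minBidIncrementPercentage` above the previous one, so the price the final bidder must be willing to pay grows geometrically while each extension buys at most `timeBuffer` seconds. The parameter values (1 ETH reserve, 2% increment, 300 s buffer, the `new_house` helper and the `Auction` dataclass) are constructed for the example and are not taken from the deployed contract.

```python
"""Constructed model of the createBid() logic quoted in the issue above.

Reproduces the reserve / increment / expiry checks and the timeBuffer
extension, so the cost of repeated in-buffer bids can be measured offline.
Parameter values are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass
class Auction:
    noun_id: int
    amount: int        # current highest bid, in wei
    bidder: str        # "" plays the role of address(0)
    end_time: int      # unix timestamp of the scheduled end


class AuctionHouseModel:
    """Python mirror of the require() checks and state updates in createBid()."""

    def __init__(self, reserve_price: int, min_bid_increment_percentage: int,
                 time_buffer: int, auction: Auction):
        self.reserve_price = reserve_price
        self.min_bid_increment_percentage = min_bid_increment_percentage
        self.time_buffer = time_buffer
        self.auction = auction
        self.refunds = []  # (bidder, amount) pairs, standing in for _safeTransferETHWithFallback

    def min_acceptable_bid(self) -> int:
        """Smallest value that passes both the reservePrice and increment checks."""
        a = self.auction
        increment = (a.amount * self.min_bid_increment_percentage) // 100  # integer division as in Solidity
        return max(self.reserve_price, a.amount + increment)

    def create_bid(self, noun_id: int, sender: str, value: int, now: int) -> bool:
        """Apply one bid at timestamp `now`; return True if the auction was extended."""
        a = self.auction
        if a.noun_id != noun_id:
            raise ValueError("Noun not up for auction")
        if now >= a.end_time:
            raise ValueError("Auction expired")
        if value < self.reserve_price:
            raise ValueError("Must send at least reservePrice")
        if value < a.amount + (a.amount * self.min_bid_increment_percentage) // 100:
            raise ValueError("Must send more than last bid by minBidIncrementPercentage amount")
        if a.bidder:
            self.refunds.append((a.bidder, a.amount))  # refund the previous bidder
        a.amount = value
        a.bidder = sender
        extended = a.end_time - now < self.time_buffer  # the @> line from the report
        if extended:
            a.end_time = now + self.time_buffer
        return extended


def new_house(reserve_price: int = 10**18, min_pct: int = 2, time_buffer: int = 300,
              start: int = 1_000, duration: int = 86_400) -> AuctionHouseModel:
    """Fresh auction with constructed parameters: 1 ETH reserve, 2% step, 5 min buffer."""
    return AuctionHouseModel(reserve_price, min_pct, time_buffer,
                             Auction(noun_id=1, amount=0, bidder="", end_time=start + duration))


def simulate_buffer_bids(house: AuctionHouseModel, bidder: str, n_bids: int):
    """Place n_bids minimum bids, each one second before the current endTime.

    Returns (list of bid amounts in wei, total seconds the auction was pushed out).
    """
    original_end = house.auction.end_time
    amounts = []
    for _ in range(n_bids):
        a = house.auction
        value = house.min_acceptable_bid()
        extended = house.create_bid(a.noun_id, bidder, value, a.end_time - 1)
        assert extended, "a bid inside timeBuffer must extend the auction"
        amounts.append(value)
    return amounts, house.auction.end_time - original_end


def bids_to_multiply_price(min_pct: int, factor: int) -> int:
    """How many consecutive minimum bids it takes for the price to reach factor x the first bid."""
    start = 10**18
    amount, n = start, 0
    while amount < factor * start:
        amount += (amount * min_pct) // 100
        n += 1
    return n


def rejection_reason(house: AuctionHouseModel, noun_id: int, sender: str, value: int, now: int):
    """Return the require() message a bid would fail with, or None if it would be accepted."""
    try:
        house.create_bid(noun_id, sender, value, now)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    house = new_house()
    house.create_bid(1, "alice", 10**18, 1_000)              # early bid, no extension
    amounts, pushed = simulate_buffer_bids(house, "bob", 3)  # three last-second bids
    print("bids:", amounts, "endTime pushed by", pushed, "seconds")
    print("minimum bids to double the price at 2%:", bids_to_multiply_price(2, 2))
```

With a 2% increment, each in-buffer bid buys at most 299 extra seconds (one second before expiry plus a fresh `timeBuffer`) and the price doubles after 36 such bids; a maintainer can rerun the model with their own `reservePrice`, `minBidIncrementPercentage` and `timeBuffer` to see how long the auction can realistically be held open for a given amount of capital.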