sherlock-audit / 2024-03-nouns-dao-2-judging


auditsbyradev - The uint96 Overflow Issue Preventing New Auction Initiations (Auction ID Limitation) #52

Closed sherlock-admin2 closed 4 months ago

sherlock-admin2 commented 4 months ago

auditsbyradev

medium

The uint96 Overflow Issue Preventing New Auction Initiations (Auction ID Limitation)

Summary

The Nouns DAO protocol and similar blockchain-based systems often employ auction mechanisms for various purposes, such as distributing NFTs or governance tokens. These auctions are typically managed through smart contracts that assign unique identifiers (IDs) to each auction. A potential bug has been identified in systems where auction IDs are restricted to uint96 data types, potentially limiting the number of auctions that can be initiated.

Vulnerability Detail

The core of this vulnerability lies in the use of a uint96 data type for auction IDs. While uint96 allows for a significantly large range of values, systems with a high frequency of auctions or those intended to operate over an extended period could theoretically exceed this range. Once the uint96 maximum value is reached, the system would be unable to assign unique IDs to new auctions, effectively preventing the initiation of further auctions.

Impact

The practical impact of this bug depends on the scale and operational parameters of the affected system:

Code Snippet

Tool used

Manual Review

Recommendation

Assess the necessity and feasibility of adopting a larger data type for auction IDs, such as uint256, which provides a significantly higher limit. Also implement monitoring mechanisms to track the usage of auction IDs and proactively address potential limitations before reaching critical thresholds.
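As an added illustration of the finding (not code from the issue or from the Nouns DAO contracts), the model below mimics a uint96 auction-ID counter under Solidity 0.8 checked arithmetic, where the increment reverts instead of wrapping, and estimates the time to exhaustion at an assumed auction cadence; the cadence and the function names are assumptions for the example.

```python
# Added example, not from the issue or the Nouns DAO code base.
# Models a uint96 auction-ID counter with Solidity 0.8-style checked
# arithmetic and estimates how long exhausting it would take.

UINT96_MAX = (1 << 96) - 1  # 79228162514264337593543950335

DAYS_PER_YEAR = 365.25


def next_auction_id(current_id: int) -> int:
    """Return the next auction ID, reverting (ValueError) on uint96 overflow.

    Solidity 0.8 checked arithmetic reverts rather than wrapping, so once
    the counter sits at UINT96_MAX no further auction can be created.
    """
    if not 0 <= current_id <= UINT96_MAX:
        raise ValueError("auction id outside uint96 range")
    if current_id == UINT96_MAX:
        raise ValueError("revert: uint96 overflow, cannot start a new auction")
    return current_id + 1


def years_until_exhaustion(auctions_per_day: float, current_id: int = 0) -> float:
    """Years of operation left before the uint96 counter is exhausted.

    auctions_per_day is an assumed cadence supplied by the caller.
    """
    if auctions_per_day <= 0:
        raise ValueError("auctions_per_day must be positive")
    remaining = UINT96_MAX - current_id
    return remaining / (auctions_per_day * DAYS_PER_YEAR)


def id_usage_fraction(current_id: int) -> float:
    """Fraction of the uint96 ID space consumed, for a monitoring threshold."""
    return current_id / UINT96_MAX


if __name__ == "__main__":
    # Assumed cadence of one auction per day (constructed, not from the page).
    print(f"next id after 41: {next_auction_id(41)}")
    print(f"years at 1/day: {years_until_exhaustion(1.0):.3e}")
    print(f"usage at id 1000: {id_usage_fraction(1000):.3e}")
```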

sherlock-admin3 commented 4 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

it's low/info cause it will take 79228162514264337593543950335 auctions to overflow and the contract is upgradeable I believe