Duplicate Listing Vulnerability Allows Auction Avoidance in Listing contract
Summary
The Listings contract lacks a mechanism to check for existing listings when creating new ones. This oversight allows users to overwrite existing listings, resetting critical parameters and circumventing the auction process.
Vulnerability Detail
The _validateCreateListing function in createListings function does not verify if a listing already exists for a given token ID. Consequently, in maplistings function users can repeatedly overwrite listings, resetting the created timestamp and extending the listing duration without additional pre-payment. This manipulation prevents the automatic transition to a dutch auction when the pre-pay balance expires.
Impact
Auction Avoidance: Users can indefinitely delay the dutch auction process, undermining the contract's pricing mechanisms.
Market Distortion: By avoiding auctions, users can maintain inflated prices, disrupting market dynamics and fairness.
Integrity Compromise: The intended "set and forget" model is compromised, as users can manipulate listings to avoid consequences of mispricing.
Implement Existence Check: Before creating a new listing, verify if a listing already exists for the token ID. If it does, prevent overwriting without cancellation or fulfillment.
Enforce Pre-Pay Expiry: Ensure that any modification to a listing requires recalculation and adjustment of the pre-pay balance to prevent indefinite extensions without additional payment.
0xBhumii
Medium
Duplicate Listing Vulnerability Allows Auction Avoidance in
ListingcontractSummary
The Listings contract lacks a mechanism to check for existing listings when creating new ones. This oversight allows users to overwrite existing listings, resetting critical parameters and circumventing the auction process.
Vulnerability Detail
The
_validateCreateListingfunction increateListingsfunction does not verify if a listing already exists for a given token ID. Consequently, inmaplistingsfunction users can repeatedly overwrite listings, resetting the created timestamp and extending the listing duration without additional pre-payment. This manipulation prevents the automatic transition to a dutch auction when the pre-pay balance expires.Impact
Auction Avoidance: Users can indefinitely delay the dutch auction process, undermining the contract's pricing mechanisms. Market Distortion: By avoiding auctions, users can maintain inflated prices, disrupting market dynamics and fairness. Integrity Compromise: The intended "set and forget" model is compromised, as users can manipulate listings to avoid consequences of mispricing.
Code Snippet
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Listings.sol#L130C4-L167C1
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Listings.sol#L262C1-L295C1
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Listings.sol#L242C5-L256C6
Tool used
Manual Review
Recommendation
Implement Existence Check: Before creating a new listing, verify if a listing already exists for the token ID. If it does, prevent overwriting without cancellation or fulfillment. Enforce Pre-Pay Expiry: Ensure that any modification to a listing requires recalculation and adjustment of the pre-pay balance to prevent indefinite extensions without additional payment.