Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

a malicious bidder can always revert claimAuction #1106

Closed
c4-submissions opened this issue Nov 11, 2023 · 6 comments
Closed

a malicious bidder can always revert claimAuction #1106

c4-submissions opened this issue Nov 11, 2023 · 6 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-734 partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%)

Comments

@c4-submissions
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L104-L120

Vulnerability details

claimAuction function would be called whenever an already signed up auction's time has been ended .
by calling the function from owner or an admin the function will first check to see if the configuration are all right and then it would start to
1-transfer the nft to the winner
2-transfer the eth that the owner won in auction to the owner
3-transfer the eth of bid losers back to them

while doing eth transfer in 2 and 3 the function use .call method which is good . however one option is not being considered here and that is the gas cost of the call .
by using call method the function would call the receiver address . if it is smart contract it will execute its fallback function and if it is not it would only transfer the eth .
a malicious owner or bid loser can deploy a smart contract and pass as the parameter to join in the auction . the smart contract that they would deploy will run an infinity loop that would consume the whole block gas of the call , on that way the call has no way but to revert the whole made call .
using this the claimAuction call would get always reverted when calling that tokenid .

Assessed type

DoS

@c4-submissions c4-submissions added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Nov 11, 2023
c4-submissions added a commit that referenced this issue Nov 11, 2023
@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #1632

@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #843

@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #486

@c4-judge
Copy link

c4-judge commented Dec 1, 2023

alex-ppg marked the issue as not a duplicate

@c4-judge c4-judge reopened this Dec 1, 2023
@c4-judge
Copy link

c4-judge commented Dec 1, 2023

alex-ppg marked the issue as duplicate of #1782

@c4-judge
Copy link

c4-judge commented Dec 8, 2023

alex-ppg marked the issue as partial-50

@c4-judge c4-judge added the partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%) label Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-734 partial-50 Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Projects
None yet
Development

No branches or pull requests

3 participants