Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

claimAuction can be reverted by any bidder, locking all funds and the prize. #2006

Closed
c4-submissions opened this issue Nov 13, 2023 · 9 comments
Closed

claimAuction can be reverted by any bidder, locking all funds and the prize. #2006

c4-submissions opened this issue Nov 13, 2023 · 9 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-734 unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-submissions
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L104-L120

Vulnerability details

Description

claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls (that triggers fallbacks/receives) and ERC721.safeTransferFrom. So, every bidder has an access to a callback when claimAuction is called, which makes possible to any of them to perma-revert the function via gas-griefing.

Proof of Concept

  1. Auction has ended and the winner calls claimAuction:
    function claimAuction(uint256 _tokenid) public WinnerOrAdminRequired(_tokenid,this.claimAuction.selector){
        require(block.timestamp >= minter.getAuctionEndTime(_tokenid) && auctionClaim[_tokenid] == false && minter.getAuctionStatus(_tokenid) == true);
        auctionClaim[_tokenid] = true;
        uint256 highestBid = returnHighestBid(_tokenid);
        address ownerOfToken = IERC721(gencore).ownerOf(_tokenid);
        address highestBidder = returnHighestBidder(_tokenid);
        for (uint256 i=0; i< auctionInfoData[_tokenid].length; i ++) {
            if (auctionInfoData[_tokenid][i].bidder == highestBidder && auctionInfoData[_tokenid][i].bid == highestBid && auctionInfoData[_tokenid][i].status == true) {
                IERC721(gencore).safeTransferFrom(ownerOfToken, highestBidder, _tokenid);
                (bool success, ) = payable(owner()).call{value: highestBid}("");
                emit ClaimAuction(owner(), _tokenid, success, highestBid);
            } else if (auctionInfoData[_tokenid][i].status == true) {
                (bool success, ) = payable(auctionInfoData[_tokenid][i].bidder).call{value: auctionInfoData[_tokenid][i].bid}("");
                emit Refund(auctionInfoData[_tokenid][i].bidder, _tokenid, success, highestBid);
            } else {}
        }
    }
  1. If an attacker is a bidder that lost the auction, he needs to be refunded. So, the following line will call him:
(bool success, ) = payable(auctionInfoData[_tokenid][i].bidder).call{value: auctionInfoData[_tokenid][i].bid}("");
  1. If attacker is a smart contract, fallback/receive will be triggered to handle the received ether. In this callback, attacker can gas-grief returning a very long string:
fallback() external payable {
	if (gasgrief) {
		return VERY_LONG_STRING; 
	}
}
  • The caller doesn't assign a variable to the return value, but in solidity it is stored anyway in caller's memory when low-level call is used, which makes the gas-grief possible.

  1. The gas-grief will revert claimAuction, potentially perma-locking all the funds and the prize in the contract, because there are no other function to claim the refunds or the prize. Also, there is no emergency withdraw function.

  2. If luckily there weren't any auction's loser trying to gas-grief, the winner can also denial of service the function if he wants. The line IERC721(gencore).safeTransferFrom(ownerOfToken, highestBidder, _tokenid); triggers a callback, which winner can use to revert:

    function onERC721Received(
        address operator,
        address from,
        uint256 tokenId,
        bytes calldata data
    ) external returns (bytes4) {
	    if (gasgrief) {
		    revert();
		}}

Impact

Any bidder can lock all the funds and the prize forever.

  1. Likelihood: High, this attack can always be done in any auction. An attacker just needs to be a bidder, which he can do spending dust amounts if he is the first bidder.
  2. Impact: High, the attack will always perma-lock all funds, the winner's prize and there isn't any emergency withdraw function to rescue from the attack.
  • Risk: High (High Likelihood + High Impact)

Tools Used

Manual Review

Recommended Mitigation Steps

Claims and refunds needs to be individual, so add a function to individually refund and make claimAuction a function that only transfers the ERC-721.

Assessed type

DoS
@c4-submissions c4-submissions added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Nov 13, 2023
c4-submissions added a commit that referenced this issue Nov 13, 2023
@c4-submissions
836541 issue #2006
3dd2e68
@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #1632

@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #843

@c4-pre-sort
Copy link

141345 marked the issue as duplicate of #486

@c4-judge c4-judge reopened this Dec 1, 2023
@c4-judge
Copy link

c4-judge commented Dec 1, 2023

alex-ppg marked the issue as not a duplicate

@c4-judge c4-judge added the primary issue Highest quality submission among a set of duplicates label Dec 1, 2023
@c4-judge
Copy link

c4-judge commented Dec 1, 2023

alex-ppg marked the issue as primary issue

This was referenced Dec 1, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Dec 1, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@c4-judge c4-judge closed this as completed Dec 5, 2023
@c4-judge c4-judge added duplicate-1785 and removed primary issue Highest quality submission among a set of duplicates labels Dec 5, 2023
@c4-judge
Copy link

c4-judge commented Dec 5, 2023

alex-ppg marked issue #1785 as primary and marked this issue as a duplicate of 1785

@c4-judge c4-judge reopened this Dec 5, 2023
@c4-judge
Copy link

c4-judge commented Dec 5, 2023

alex-ppg marked the issue as not a duplicate

@c4-judge
Copy link

c4-judge commented Dec 5, 2023

alex-ppg marked the issue as duplicate of #734

@c4-judge c4-judge closed this as completed Dec 5, 2023
@c4-judge
Copy link

c4-judge commented Dec 5, 2023

alex-ppg marked the issue as unsatisfactory:
Out of scope

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-734 unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c4-judge @c4-pre-sort @c4-submissions