Lines of code
<https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L38>
<https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L48-L50>
<https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L62-L135>
All auction functions are under a potential DOS or exploitability vulnerability
A 2 day duration is added to the current block.number when creating a lot. This introduces a critical flaw, Adding 2 * 86400(correct value of 2 days) / 2*7200(wrong value used in code) to a block number makes all checks return wrong values.
uint256 public constant MIN_AUCTION_DURATION = 7200; // 24 hours
function createLot(uint256 _sdAmount) external override whenNotPaused {
lots[nextLot].startBlock = block.number;
lots[nextLot].endBlock = block.number + duration;
lots[nextLot].sdAmount = _sdAmount;
function addBid(uint256 lotId) external payable override whenNotPaused {
// reject payments of 0 ETH
if (msg.value == 0) revert InSufficientETH();
LotItem storage lotItem = lots[lotId];
if (block.number > lotItem.endBlock) revert AuctionEnded();
This check fails even after 2 days have passed.
function claimSD(uint256 lotId) external override {
LotItem storage lotItem = lots[lotId];
if (block.number <= lotItem.endBlock) revert AuctionNotEnded();
A user cannot claim even after, 2 days have passed because 2*86400 blocks have not passed.
function transferHighestBidToSSPM(uint256 lotId) external override nonReentrant {
LotItem storage lotItem = lots[lotId];
uint256 ethAmount = lotItem.highestBidAmount;
if (block.number <= lotItem.endBlock) revert AuctionNotEnded();
Same issue here
Manual Review
Use block.timestamp to calculate time throught the contract
DoS
The text was updated successfully, but these errors were encountered:
All reactions