Code4rena, CODE423N4:2023-06-STADER-FINDINGS-ISSUES-426
Jun 14, 2023 - 12:00 a.m.

Upgraded Q -> 2 from #327 [1686724891862]


Judge has assessed an item in Issue #327 as 2 risk. The relevant finding follows:

L-04 addBid does not increment the endBlock of the auction when it is close to the end, preventing the protocol from capturing extra value
When an Auction is created, it sets a lotItem.endBlock. This value remains unalterable.

This incentivizes users to place their bid via Auction::addBid() on the last possible block, because addBid() never increments lotItem.endBlock.

function addBid(uint256 lotId) external payable override whenNotPaused {
    // reject payments of 0 ETH
    if (msg.value == 0) revert InSufficientETH();

    LotItem storage lotItem = lots[lotId];
    if (block.number > lotItem.endBlock) revert AuctionEnded();

    uint256 totalUserBid = lotItem.bids[msg.sender] + msg.value;

    if (totalUserBid < lotItem.highestBidAmount + bidIncrement) revert InSufficientBid();

    lotItem.highestBidder = msg.sender;
    lotItem.highestBidAmount = totalUserBid;
    lotItem.bids[msg.sender] = totalUserBid;

    emit BidPlaced(lotId, msg.sender, totalUserBid);
}


Impact
This prevents the protocol from capturing more value from last-minute bids, which are common practice.

It discourages earlier participation and encourages bidders to spend more on gas fees to land their bid on the last possible block, instead of placing a bigger bid that would bring more value to the protocol.

Recommended Mitigation Steps
Add some extra blocks to the lotItem.endBlock if there is a bid when the auction is close to its end.

