5 matches found
Upgraded Q -> 2 from #482 [1705001199242]
Judge has assessed an item in Issue 482 as 2 risk. The relevant finding follows: L-02: AuctionHouse’s owner should not be allowed to change parameters when auction is active --- The text was updated successfully, but these errors were encountered: All reactions...
Upgraded Q -> 2 from #530 [1705001094273]
Judge has assessed an item in Issue 530 as 2 risk. The relevant finding follows: QA-04 owner of AuctionHouse should not be allowed to change parameters for the ongoing auction --- The text was updated successfully, but these errors were encountered: All reactions...
Incomplete Creator Rewards in Auction Settlement
Lines of code Vulnerability details Summary During the settlement of auctions in the AuctionHouse, the proceeds meant for creators are not accurately distributed, leading to potential loss of funds for the creators. Vulnerability Details In the process of settling auctions...
Bidders can bid at previous auction reserve price by frontrunning the setter transactions
Lines of code Vulnerability details Impact The AuctionHouse.settleCurrentAndCreateNewAuction can frontrun the setter functions such as setCreatorRateBps, setMinCreatorRateBps, setEntropyRateBps, setTimeBuffer, setMinBidIncrementPercentage & setReservePrice. As soon as the current auction ends, an...
The entire AuctionHouse contract can be disabled by a wrong creator bps sum.
Lines of code Vulnerability details Vulnerability details Description There is a potential for a DoS in the AuctionHouse contract related to the buyToken call from the ERC20TokenEmitter. This is due to the buyToken requiring the bpsSum to be equal to 10000, but there is no restriction when creati...