2 matches found
Bidder can steal all the base token by repeatedly calling finalize()
Lines of code Vulnerability details Impact All the base token will be stolen by malicious bidder, even worse the bidder might pay nothing at the end. Proof of Concept Anyone can call finalize, and it can be called multiple times. FinalizeData memory data is local, which means in each call, data i...
Denial of service from malicious bidder by filling up the bid index up until 1000
Lines of code Vulnerability details Impact Denial of service from malicious bidder by filling up the bid index up until 1000 Proof of Concept Initially inside bid function there is a check condition if bidIndex = 1000 then it will revert, so this will limit the size of bid created by bidder to...