2 matches found
Malicious seller can finalize his/her auction without changing data.lowestQuote , then auction's state will not be updated to States.finalized and this seller can repeat finalize or cancel auction to steal tokens from contract
Lines of code Vulnerability details Vulnerable details In contract, an auction's state will beStates.Finalized if data.lowestQuote of this auction is different from typeuint128.max. L33-34 data.lowestQuote is assigned to equal clearingQuote when seller finalize auction. L238 This value will be...
Seller can steal all the bid fund by repeatedly calling finalize()
Lines of code Vulnerability details Impact Bidders' fund will be stolen by malicious seller, they can not get refund. Proof of Concept In finalize, FinalizeData memory data is local, which means in each call, data is re-initialized. By calling finalize multiple times, a malicious seller can get t...