Bykea: Lack of minimum value bid wheel verification on customer_bid in Rental Trips

A missing validation on the customerbid field when creating rental trips allowed passengers to submit arbitrary bid amounts, including very low fares. Proper validation was added to prevent unrealistic values...

Users that send funds at a price lower than the current low bid have the funds locked

Lines of code Vulnerability details If a user contributes funds after there is no more supply left, and they don't provide a price higher than the current minimum bid, they will be unable to withdraw their funds while the NFT remains unbought. Impact Ether becomes stuck until and unless the NFT i...

Arbitrage Opportunity for Non-Sellers

Lines of code Vulnerability details Impact Non-sellers can flood the system with arbitrage auctions. Proof of Concept The seller can wait until 1 instant minute? before the end of the auction. Now the seller places a bid a couple percent above the current market price, enough to cover the seller'...