4 matches found
Upgraded Q -> 2 from #643 [1704652543122]
Judge has assessed an item in Issue 643 as 2 risk. The relevant finding follows: L-2 Setting Auction::reservePrice equal to 0 can create a chain of 0 price bids --- The text was updated successfully, but these errors were encountered: All reactions...
Bidders can bid at previous auction reserve price by frontrunning the setter transactions
Lines of code Vulnerability details Impact The AuctionHouse.settleCurrentAndCreateNewAuction can frontrun the setter functions such as setCreatorRateBps, setMinCreatorRateBps, setEntropyRateBps, setTimeBuffer, setMinBidIncrementPercentage & setReservePrice. As soon as the current auction ends, an...
Mitigation of M-03: See comments
Lines of code Vulnerability details The PR does not follow the recommended mitigation from the finding, and instead still allows under-priced bids to be added if the total value being added is at least a multiple of the minimum reserve price. Impact If, for example, the reserve price is 10 Eth,...
User might not be able to claim refund when the NFT is bought for less than the minimum reserve price
Lines of code Vulnerability details Impact User might not be able to claim refund when the NFT is bought for less than the minimum reserve price because the minReservePrices is rounded down, which make the contract refund sightly more eth to each user. In most case, the last user will not be able...