4 matches found
[PNM-002] finalize with malicious input may lock bidder funds in the contract
Lines of code Vulnerability details Description The finalize function of the contract SizeSealed is used to finalize an auction, allowing the auctioner or seller to be paid quote tokens and also eventually allowing successful bidders to withdraw base tokens. Once the finalize function is called,...
[PNM-001] finalize with malicious input may allow multiple calls leading to fund draining
Lines of code Vulnerability details Description The finalize function of the contract SizeSealed is used to finalize an auction, allowing the auctioner or seller to be paid quote tokens and also eventually allowing successful bidders to withdraw base tokens. Once the finalize function is called,...
Bid can be cancelled after being finalized
Lines of code Vulnerability details Impact The SizeSealed contract's cancelBid function can be called after auction has been finalized, thereby allowing the bidder to withdraw their quoteToken after bid is finalized This is possible by bypassing the if a.data.lowestQuote != typeuint128.max ||...
Front-running of bid calls
Lines of code Vulnerability details Description There is bid function in the SizeSealed contract. The function accepts the auctionId, which does not contain any information about the auction itself. As a result, transactions of users can be front-runned to enforce them bid for the auction with th...