Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

M-19 MitigationConfirmed #114

Open
c4-bot-2 opened this issue May 24, 2024 · 2 comments
Open

M-19 MitigationConfirmed #114

c4-bot-2 opened this issue May 24, 2024 · 2 comments
Labels
confirmed for report This issue is confirmed for report mitigation-confirmed MR-M-19 satisfactory satisfies C4 submission criteria; eligible for awards

Comments

@c4-bot-2
Copy link
Contributor

Lines of code

Vulnerability details

C4 Issue

M-19: Bidders might lose funds due to possible racing condition between settleWithBuyout and placeBid

Comments

Original vulnerabilities/impacts:
The vulnerability is both settleWithBuyout() and _placeBidChecks() allow the same timestamp (
_auction.startTime + _timeForMainLenderToBuy== block.timestamp). This encourages tx racing. The impact is when a user’s placeBid settles before settleWithBuyout(), the user will lose their bid funds, because settleWithBuyout will delete the auction data and transfer out collateral NFT tokens.

Mitigation

Fix: https://github.com/pixeldaogg/florida-contracts/pull/392/files

//src/lib/AuctionWithBuyoutLoanLiquidator.sol
    function settleWithBuyout(
        address _nftAddress,
        uint256 _tokenId,
        Auction calldata _auction,
        IMultiSourceLoan.Loan calldata _loan
    ) external nonReentrant {
...
        if (timeLimit <= block.timestamp) {
            revert OptionToBuyExpiredError(timeLimit);
        }
...

The mitigation is to separate the time window between settleWithBuyout() and _placeBidChecks(). In settleWithBuyou(), the check now will revert if timeLimit == block.timestamp.

The mitigation eliminates the attack vector and resolves the issue.

Conclusion

LGTM
c4-bot-9 added a commit that referenced this issue May 24, 2024
@c4-bot-9
oakcobalt issue #114
78c0e64
@c4-judge
Copy link

c4-judge commented Jun 1, 2024

alex-ppg marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jun 1, 2024
@c4-judge
Copy link

c4-judge commented Jun 1, 2024

alex-ppg marked the issue as confirmed for report

@c4-judge c4-judge added the confirmed for report This issue is confirmed for report label Jun 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed for report This issue is confirmed for report mitigation-confirmed MR-M-19 satisfactory satisfies C4 submission criteria; eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@c4-judge @c4-bot-2