QA Report #79
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
QA (Quality Assurance)
|
Yes - this is a valid point and something we might want to revisit. It's awkward that a seller could drive up a price on their own auction. But as you point out, if we attempted to stop it they could still do so by simply using a different address to place the bid. So for now, we've opted to not increase gas for other users by reverting in this scenario. One mitigation is that the history of the auction is very visible, both on our site and on-chain. So if a seller were to do this using the same account - others can clearly see the attempted manipulation. |
|
Unadjusted score: 20 - Unusual operation allowed to users. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A buyer can set a low price and call placeBid() to drive up the price.Thereby, creating interest for their NFT.
https://github.com/code-423n4/2022-02-foundation/blob/4d8c8931baffae31c7506872bf1100e1598f2754/contracts/mixins/NFTMarketReserveAuction.sol#L371
Can check whether, the msg.sender is the seller to prevent them from calling this function. But the issue still remains if they use another address to manipulate bids.
The text was updated successfully, but these errors were encountered: