This repository has been archived by the owner on Jun 2, 2024. It is now read-only.
sherlock-admin opened this issue Dec 1, 2023 · 0 comments
Labels
Duplicate: A valid issue that is a duplicate of an issue with `Has Duplicates` label
High: A valid High severity issue
Reward: A payout will be made for this issue
After the auction process ends, anyone can invoke settleCurrentAndCreateNewAuction to settle the previous auction and start a new round. When highestBid is bigger than zero, the protocol invokes rewardsManager#depositBatch to split the total amount.
Note that there is a check inside the above function:
    if (msg.value != expectedTotalValue) {
        revert INVALID_DEPOSIT();
    }
Suspicious users can submit a specific amount to break the auction, preventing it from continuing due to a rounding error in calculating the split amount.
Vulnerability Detail
@@ -305,17 +305,43 @@ contract AuctionTest is NounsBuilderTest {
auction.createBid{ value: 0.420 ether }(2);
}
+ function test_MutipleSettleRoundingError() public {
deployMock();
+ vm.prank(founder);+ auction.unpause();++ vm.startPrank(bidder1);+ auction.createBid{value:1 ether}(2);+ //Assume bidder2 is a Suspicious users + vm.startPrank(bidder2);+ auction.createBid{value:6667274999493255999}(2);+ vm.warp(10 minutes + 1 seconds);++ vm.expectRevert(MockProtocolRewards.INVALID_DEPOSIT.selector);+ auction.settleCurrentAndCreateNewAuction();+ }
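Review bot: The bid value 6667274999493255999 passed by bidder2 to createBid is an unexplained magic number; add a comment stating which reward split it is chosen to trip, or derive it inside the test, so the expected INVALID_DEPOSIT revert can be checked against the split arithmetic rather than taken on trust. The second vm.startPrank(bidder2) is issued while the bidder1 prank is still active and is never stopped, so settleCurrentAndCreateNewAuction() also runs as bidder2; use vm.prank for the single calls or add vm.stopPrank() before settling. The test name (Mutiple) and the comment ("a Suspicious users") carry typos.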
sherlock-admin2 changed the title from "Itchy Mint Cow - The auction could break due to a rounding error" to "coffiasd - The auction could break due to a rounding error" on Dec 13, 2023
coffiasd
high
The auction could break due to a rounding error
Summary
After the auction process ends, anyone can invoke settleCurrentAndCreateNewAuction to settle the previous auction and start a new round. When highestBid is bigger than zero, the protocol invokes rewardsManager#depositBatch to split the total amount. Note that there is a check inside the above function:
Suspicious users can submit a specific amount to break the auction, preventing it from continuing due to a rounding error in calculating the split amount.
Vulnerability Detail
And I add a console2 to MockProtocolRewards
Here goes the output:
We can see msg.value != expectedTotalValue due to the rounding error.
Impact
The auction could break and can't start a new round. Since the entire auction will be terminated, I believe this should be considered an H issue.
Code Snippet
https://github.com/sherlock-audit/2023-09-nounsbuilder/blob/main/nouns-protocol/src/auction/Auction.sol#L465#L508
Tool used
Manual Review
Recommendation
Duplicate of #251
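A model of the mismatch this issue describes, as an added example that is not code from the issue or from the audited repository: Python integers stand in for Solidity's uint256 floor division. Only the bid amount and the strict equality check come from the issue; the basis-point values, the function names, and the assumption that the caller sends a total floored once while the batch deposit sums shares floored one by one are illustrative.

```python
# Added illustration; Python ints model Solidity uint256 floor division.
BPS_DENOMINATOR = 10_000
ASSUMED_SPLIT_BPS = [250, 250, 250]  # hypothetical recipients, not from the issue

class InvalidDeposit(Exception):
    """Stands in for the INVALID_DEPOSIT revert quoted in the issue."""

def deposit_batch(msg_value, amounts):
    # The strict equality check quoted in the issue.
    expected_total_value = sum(amounts)
    if msg_value != expected_total_value:
        raise InvalidDeposit(f"sent {msg_value}, expected {expected_total_value}")
    return expected_total_value

def split_floor_each(bid):
    """Assumed failing shape: total floored once, each share floored separately."""
    total = bid * sum(ASSUMED_SPLIT_BPS) // BPS_DENOMINATOR
    shares = [bid * bps // BPS_DENOMINATOR for bps in ASSUMED_SPLIT_BPS]
    return total, shares

def split_with_remainder(bid):
    """Mitigation: the last recipient receives total minus the other shares,
    so the shares sum to the value sent for every bid."""
    total = bid * sum(ASSUMED_SPLIT_BPS) // BPS_DENOMINATOR
    shares = [bid * bps // BPS_DENOMINATOR for bps in ASSUMED_SPLIT_BPS[:-1]]
    shares.append(total - sum(shares))
    return total, shares

def settles(bid, split):
    """True when the deposit check passes, False when it would revert."""
    total, shares = split(bid)
    try:
        deposit_batch(total, shares)
        return True
    except InvalidDeposit:
        return False

ONE_ETHER = 10**18
POC_BID = 6667274999493255999  # bid amount used in the issue's test

if __name__ == "__main__":
    for bid in (ONE_ETHER, POC_BID):
        print(bid, settles(bid, split_floor_each), settles(bid, split_with_remainder))
```

Under these assumed splits the separately floored shares fall 2 wei short of the total for the issue's bid, which is enough to fail a strict equality check.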