AuditProfile

Security blog

Auction + no min bid value = DoS

Here is a great example of how an attacker can DoS an auction's bidding function, keeping other users from bidding and ultimately picking up the NFT at a very low price. Have a look at the code:

function placeBid(address _nftAddress, uint256 _tokenId, Auction memory _auction, uint256 _bid)
    external
    nonReentrant
    returns (Auction memory)
{
    _placeBidChecks(_nftAddress, _tokenId, _auction, _bid);
    uint256 currentHighestBid = _auction.highestBid;
    // _BPS = 10000, MIN_INCREMENT_BPS = 500: the new bid must exceed the
    // current highest bid by 5% (note: no absolute minimum bid)
    if (_bid == 0 || (currentHighestBid.mulDivDown(_BPS + MIN_INCREMENT_BPS, _BPS) >= _bid)) {
        revert MinBidError(_bid);
    }
    uint256 currentTime = block.timestamp;
    uint96 expiration = _auction.startTime + _auction.duration;
@>  uint96 withMargin = _auction.lastBidTime + _MIN_NO_ACTION_MARGIN;
    uint96 max = withMargin > expiration ? withMargin : expiration;
    if (max < currentTime && currentHighestBid > 0) {
        revert AuctionOverError(max);
    }
    .....
}

The placeBid function requires each new bid to exceed the current highest bid by 5% (MIN_INCREMENT_BPS out of _BPS), and every accepted bid pushes the end of the auction out to at least lastBidTime + _MIN_NO_ACTION_MARGIN (the line marked @>), so the auction stays open for a period of time after each bid.

The problem is that the increment is purely relative: 5% of a tiny bid is itself tiny, so when the price starts from a very small value each step only has to add a few wei. For example, with the check above (mulDivDown rounds down, and a bid equal to the threshold is rejected): 100 wei -> 106 wei -> 112 wei -> 118 wei.

So an attacker can open with a dust bid and keep outbidding themselves by the minimum amount, growing the price very slowly; since each new bid refunds the previous highest bidder, the attacker's capital at risk never exceeds their latest dust bid. Because of the time lock, other users are kept out for a period of time: a normal user has to wait until it is over, and even then their transaction has to be executed before the attacker's next bid.

If normal users are unable to get a bid in, the attacker wins the auctioned item (the NFT) at a very low price.

A good fix is to add a MIN_BID floor to the check, so that even the opening bid costs real money and the attack becomes far less interesting to the attacker.
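To make the arithmetic of the increment check and the effect of a MIN_BID floor concrete, here is an added example in Python that is not code from Gondi or from the Code4rena report: it models the two checks shown in placeBid, runs the self-outbidding chain described above, and compares the attacker's capital at risk with and without a minimum bid. The BPS constants mirror the 5% rule; the value used for _MIN_NO_ACTION_MARGIN (10 minutes) and the 0.01 ether MIN_BID are assumptions made for the simulation, and the min_bid semantics ("every bid must be at least MIN_BID") are one possible reading of the suggested fix.

```python
"""Added example (not the project's code): model of placeBid's increment and
timing checks, plus the dust-bid chain that keeps an auction cheap and open."""
from dataclasses import dataclass

BPS = 10_000                    # _BPS: basis-point denominator
MIN_INCREMENT_BPS = 500         # MIN_INCREMENT_BPS: next bid must beat the last by 5%
MIN_NO_ACTION_MARGIN = 10 * 60  # assumed value for _MIN_NO_ACTION_MARGIN, in seconds


class MinBidError(Exception):
    pass


class AuctionOverError(Exception):
    pass


@dataclass
class Auction:
    start_time: int
    duration: int
    highest_bid: int = 0
    last_bid_time: int = 0


def mul_div_down(x: int, y: int, d: int) -> int:
    """Solmate-style mulDivDown: floor(x * y / d) in integer arithmetic."""
    return x * y // d


def min_next_bid(highest: int) -> int:
    """Smallest bid the increment check accepts. A bid equal to
    floor(highest * 1.05) reverts, so the floor is that value plus one."""
    return mul_div_down(highest, BPS + MIN_INCREMENT_BPS, BPS) + 1


def place_bid(a: Auction, bid: int, now: int, min_bid: int = 0) -> Auction:
    """Model of the checks in placeBid. min_bid=0 reproduces the contract as
    shown; a positive min_bid models the suggested MIN_BID fix (assumed
    semantics: every bid must be at least min_bid)."""
    if bid == 0 or mul_div_down(a.highest_bid, BPS + MIN_INCREMENT_BPS, BPS) >= bid:
        raise MinBidError(bid)
    if bid < min_bid:
        raise MinBidError(bid)
    expiration = a.start_time + a.duration
    with_margin = a.last_bid_time + MIN_NO_ACTION_MARGIN
    deadline = max(with_margin, expiration)
    if deadline < now and a.highest_bid > 0:
        raise AuctionOverError(deadline)
    a.highest_bid = bid
    a.last_bid_time = now
    return a


def accepted(a: Auction, bid: int, now: int, min_bid: int = 0) -> bool:
    """True if place_bid would accept the bid; the passed auction is not mutated."""
    try:
        place_bid(Auction(**vars(a)), bid, now, min_bid)
        return True
    except (MinBidError, AuctionOverError):
        return False


def dust_bid_chain(opening_bid: int, n_bids: int, min_bid: int = 0,
                   start: int = 1_000, duration: int = 3_600) -> dict:
    """Attacker outbids themselves n_bids times, each bid landing one second
    before the no-action margin would lapse. Each new bid refunds the previous
    highest bidder, so the attacker's capital at risk is only the last bid."""
    a = Auction(start_time=start, duration=duration)
    now = start
    bid = max(opening_bid, min_bid)
    placed = []
    for _ in range(n_bids):
        place_bid(a, bid, now, min_bid)
        placed.append(bid)
        now = a.last_bid_time + MIN_NO_ACTION_MARGIN - 1
        bid = min_next_bid(a.highest_bid)
    return {
        "bids": placed,
        "capital_at_risk": a.highest_bid,
        "deadline": max(a.last_bid_time + MIN_NO_ACTION_MARGIN, a.start_time + a.duration),
        "original_expiration": a.start_time + a.duration,
    }


if __name__ == "__main__":
    weak = dust_bid_chain(opening_bid=100, n_bids=10)
    print("no MIN_BID:", weak)
    fixed = dust_bid_chain(opening_bid=100, n_bids=10, min_bid=10**16)
    print("MIN_BID = 0.01 ether (assumed): capital at risk", fixed["capital_at_risk"], "wei")
```

Ten minimal bids from a 100 wei start leave the attacker with 161 wei at risk while the auction, which should have closed at the original expiration, is still open several margins later; with the assumed 0.01 ether floor the same chain ties up more than 0.015 ether, which is the cost the fix is meant to impose.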

Read the full report here:

Link: https://code4rena.com/reports/2024-04-gondi#m-11-auctionloanliquidatorplacebid-can-be-dos

#auction

#bid

#ddos

#frontrun
