You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A seller starts an auction with Auctioneer and set up the listing config to not allow highest bidder to cancel its bid,
Someone bids for this auction and become the highest bidder.
The highest bidder withdraw its fund from escrow_payment_account after the auction ends (or before because it doesn't matter here because listing config doesn't update the highest bidder),
The Auction has ended but when the highest bidder tries to execute_sale, it throws an error because the escrow account has insufficient funds.
This may seem logical given the architecture of the program but it would mean that a malicious person could outbid every time as long as they have the funds but they won't suffer any consequences (apart from the transaction fees) from that because they can withdraw their funds as they wish at the end and the seller could end up never being able to auction off their token.
Which package is this bug report for?
auction-house
Which Type of Package is this bug report for?
Rust Contract
Issue description
Relevant log output
Priority this issue should have
High (immediate attention needed)
The text was updated successfully, but these errors were encountered: