wrong implement of _deleteAuctionOrder.

Summary

in _deleteAuctionOrder there is no assign for the isAuction[address(_createdAuction)] = false as we are deleting a _AuctionOrder. as we can call this function again and delete again.

Root Cause

https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/auctions/AuctionFactory.sol#L145

function _deleteAuctionOrder(address _AuctionOrder) external onlyAuctions { // get index of the Auction order uint index = AuctionOrderIndex[_AuctionOrder]; AuctionOrderIndex[_AuctionOrder] = 0;

    // get last Auction order
    allActiveAuctionOrders[index] = allActiveAuctionOrders[
        activeOrdersCount - 1
    ];
    // take out last Auction order
    allActiveAuctionOrders[activeOrdersCount - 1] = address(0);

    // switch index of the last Auction order to the deleted Auction order
    AuctionOrderIndex[allActiveAuctionOrders[index]] = index;
    activeOrdersCount--;
}

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

wrong implement of _deleteAuctionOrder.

PoC

No response

Mitigation

isAuction[address(_createdAuction)] = false

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

088.md

088.md

wrong implement of _deleteAuctionOrder.

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

088.md

Latest commit

History

088.md

File metadata and controls

wrong implement of _deleteAuctionOrder.

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation