Elegant Arctic Stork
Medium
A lack of conditional handling when deleting the last auction in allActiveAuctionOrders will cause an array misalignment and incorrect index mapping for both AuctionOrderIndex and allActiveAuctionOrders, as the auction deletion logic inadvertently overwrites entries and creates stale mappings.
In AuctionFactory.sol:_deleteAuctionOrder, the function lacks handling for cases where the auction to be deleted is the last one in allActiveAuctionOrders. This results in overwriting the last entry with itself, creating an unnecessary address(0) entry without effectively removing it.
- activeOrdersCount must be at least 1.
- The auction to be deleted is the last one in the allActiveAuctionOrders list (index == activeOrdersCount - 1).
None.
- An auction reaches its end and calls _deleteAuctionOrder.
- The _deleteAuctionOrder function attempts to delete an auction at the last index of allActiveAuctionOrders.
- The function inadvertently overwrites allActiveAuctionOrders[activeOrdersCount - 1] with address(0), leaving a stale entry.
- The AuctionOrderIndex mapping is updated incorrectly, creating potential misalignments in future order retrievals.
The protocol will have inconsistent data within the allActiveAuctionOrders and AuctionOrderIndex mappings, potentially leading to incorrect data reads, disrupted user experience, and possible failures in auction-related functionalities. Future interactions with the auction orders could be affected due to stale or erroneous mappings, causing potential financial or operational disruption.
N/A
To handle the deletion of the last auction order correctly, you could add a conditional check to handle cases where index == activeOrdersCount - 1. If it is the last auction:
- Simply set AuctionOrderIndex[_AuctionOrder] to 0 without swapping or overwriting.
- Reduce activeOrdersCount directly without modifying allActiveAuctionOrders.
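The guard described in the mitigation, as an added sketch that is not the project's own code. The three storage names come from the finding; the contract name, the mapping layout, `addAuctionOrder`, `indexesConsistent` and the membership check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: minimal stand-in for the registry described in the finding.
// Storage names follow the report; layout and function bodies are assumptions.
// Access control is omitted to keep the sketch short.
contract AuctionRegistrySketch {
    mapping(uint256 => address) public allActiveAuctionOrders;
    mapping(address => uint256) public AuctionOrderIndex;
    uint256 public activeOrdersCount;

    // Hypothetical helper so the sketch can be exercised in a test.
    function addAuctionOrder(address order) external {
        require(order != address(0), "zero address");
        AuctionOrderIndex[order] = activeOrdersCount;
        allActiveAuctionOrders[activeOrdersCount] = order;
        activeOrdersCount++;
    }

    // Swap-and-shrink removal with the last-element guard from the mitigation.
    function deleteAuctionOrder(address order) external {
        require(activeOrdersCount > 0, "no active orders");
        uint256 index = AuctionOrderIndex[order];
        // Rejects unknown or already-deleted orders, whose index reads as 0.
        require(allActiveAuctionOrders[index] == order, "not active");
        uint256 lastIndex = activeOrdersCount - 1;

        if (index != lastIndex) {
            // Move the last active order into the freed slot and repoint its index.
            address lastOrder = allActiveAuctionOrders[lastIndex];
            allActiveAuctionOrders[index] = lastOrder;
            AuctionOrderIndex[lastOrder] = index;
            delete allActiveAuctionOrders[lastIndex];
        }
        // Last-element case: no swap, so the deleted order's index is not rewritten
        // after being cleared. Its slot is left as is and sits above the new count.
        AuctionOrderIndex[order] = 0;
        activeOrdersCount--;
    }

    // Invariant check: every slot below activeOrdersCount maps back to itself.
    function indexesConsistent() external view returns (bool) {
        for (uint256 i = 0; i < activeOrdersCount; i++) {
            address order = allActiveAuctionOrders[i];
            if (order == address(0) || AuctionOrderIndex[order] != i) return false;
        }
        return true;
    }
}
```

Because the last-element branch leaves the slot untouched, any reader of allActiveAuctionOrders has to bound its loop by activeOrdersCount, as `indexesConsistent` does.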