Missing input validation in submitBid function

Summary

The submitBid function lacks input validation for msg.value, allowing users to submit bids with a value of zero.

Vulnerability Detail

In the submitBid function, there is no check for the msg.value being greater than zero. This could allow users to submit bids with a value of zero, leading to unexpected behavior and potential vulnerabilities.

Impact

This vulnerability could lead to unexpected behavior in the loan bidding process and potentially allow users to exploit the system by submitting zero-value bids.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L272

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L303

Tool used

Manual Review

Recommendation

Add a require statement to check that msg.value is greater than zero:

require(msg.value > 0, "Bid value must be greater than zero");

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

027.md

027.md

Missing input validation in submitBid function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

027.md

Latest commit

History

027.md

File metadata and controls

Missing input validation in submitBid function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation