Introduction

The goal of this project is to develop a smart contract for an open auction. The general idea of the auction contract is that everyone can send their bids during a bidding period. Each bid already includes the money (ether), which binds the bidder to their bid. If the highest bid is raised, the previously highest bidder gets their money back. After the end of the bidding period, the contract has to be called manually for the beneficiary to receive their money - contracts cannot activate themselves.

Functions

  1) Bid
  2) Withdraw
  3) End Auction

Note: Skeleton code for the smart contract was given by the instructor, and I completed the functions to test the contract.

1) Bid Function

In this function, it is required that the newest bid (msg.value) is greater than the highest bid. This is because in an auction, only higher bids are accepted. Next, the state variables are updated so that the highestBidder is msg.sender and the highestBid is the new bid, msg.value. Finally, the previous highestBid is stored in pendingReturns so that the previous highestBidder can get a refund for their bid.

Bid_Func.png

2) Withdraw Function

In this function, a new uint variable returnAmount is created to store how much will be refunded to the previous highestBidder. An if statement checks that returnAmount is not 0. If it is not, pendingReturns[msg.sender] is set to 0. The reason pendingReturns[msg.sender] is set to 0 is so that if a reentrancy attack is attempted, there will be no additional funds to steal. This line of code makes a reentrancy attack ineffective, and the attacker will lose funds due to gas. A nested check then tests whether sending the returnAmount fails. If it does, the function returns false; otherwise it returns true, since there was no error in withdrawing.

Withdraw_Func.png
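
The refund path described in the Bid and Withdraw sections, written out as an added example; this is not the project's or the instructor's code. The contract name, the revert message and the use of += for refunds are assumptions; the state variable names follow the text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only: the contract name is hypothetical.
contract AuctionRefundSketch {
    address public highestBidder;
    uint public highestBid;
    mapping(address => uint) public pendingReturns;

    function bid() external payable {
        // Only strictly higher bids are accepted.
        require(msg.value > highestBid, "bid not high enough");
        if (highestBid != 0) {
            // Assumption: += rather than =. A bidder can be outbid more
            // than once before withdrawing, so refunds must accumulate.
            pendingReturns[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    function withdraw() external returns (bool) {
        uint returnAmount = pendingReturns[msg.sender];
        if (returnAmount != 0) {
            // Effect before interaction: the balance is zeroed first, so
            // a re-entrant call to withdraw() reads 0 and sends nothing.
            // Sending first and zeroing afterwards would leave the old
            // balance on record while the receiver's code is running.
            pendingReturns[msg.sender] = 0;
            if (!payable(msg.sender).send(returnAmount)) {
                // send() returns false instead of reverting, so the
                // balance is restored and the caller can retry later.
                pendingReturns[msg.sender] = returnAmount;
                return false;
            }
        }
        return true;
    }
}
```

The refund is pulled by each bidder through withdraw() rather than pushed from bid(), so a bidder whose address rejects ether cannot block later bids.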

3) End Function

In this function, it is required that only the beneficiary can trigger or end the auction. Therefore, require(msg.sender == beneficiary) is used. Next, a temporary variable to store the highestBid is created and initialized to 0. Like the tactic used in the withdraw function, this initialization will ensure that the beneficiary account can’t call auctionEnd multiple times to drain money because there will be no money to drain. Finally, the highestBid is sent to the beneficiary when highestBid = temp.

End_Func.png