DoS attack in blockchain context:
Example for the attack of Block Gas Limit:
When attacker calls bid() thousands of times, refundAll() function may hit the gas limit of the block which will lead to the stuck of funds in the contract forever because of Block Gas Limit.
Solution:
We should let users manually withdraw their funds.