DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

No Mechanism to Recover Erroneously Sent Tokens in FjordAuctionFactory.sol

Summary

https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuctionFactory.sol

The contract lacks a mechanism to recover ERC20 tokens that are accidentally sent to its address, potentially resulting in permanent loss of funds.

Vulnerability Details

If someone mistakenly sends ERC20 tokens to the contract address, there is no way to recover these tokens. This could lead to users losing their funds permanently without a recovery function.

Impact

Users who accidentally send tokens to the contract could suffer financial losses, as there is no mechanism to retrieve the tokens. This could result in user dissatisfaction and potential legal or reputational issues.

Tools Used

Manual Review

Recommendations

Implement a function that allows the contract owner to recover any ERC20 tokens sent to the contract by mistake. Ensure that only the owner can call this function to prevent unauthorized recoveries:

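function recoverERC20(address tokenAddress, uint256 tokenAmount) external onlyOwner {
    // Revert if the token reports failure instead of silently ignoring the return value.
    require(IERC20(tokenAddress).transfer(owner, tokenAmount), "transfer failed");
}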
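
A fuller form of the recommended recovery function, written here as an added example and not taken from the submission or the Fjord code base. It also accepts tokens that return no value from `transfer`, rejects a zero recipient, and logs each recovery; `TokenRescue`, `rescueERC20`, `Rescued` and the error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added example: hypothetical mixin, not part of FjordAuctionFactory.sol.
abstract contract TokenRescue {
    address public owner;

    // Emitted on every recovery so sweeps are visible to off-chain monitoring.
    event Rescued(address indexed token, address indexed to, uint256 amount);

    error NotOwner();
    error ZeroAddress();
    error TransferFailed();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address _owner) {
        if (_owner == address(0)) revert ZeroAddress();
        owner = _owner;
    }

    /// Sends `amount` of `token` held by this contract to `to`. Owner only.
    function rescueERC20(address token, address to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();

        // Low-level call: tokens that return nothing from transfer() would make
        // a typed IERC20 call revert when decoding the missing bool.
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSignature("transfer(address,uint256)", to, amount));

        // Success requires: no revert, the target is a contract, and any
        // returned value decodes to true.
        if (!ok || token.code.length == 0 || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed();
        }

        emit Rescued(token, to, amount);
    }
}
```

In a contract that also custodies user deposits, a sweep like this must exclude those token balances, since it otherwise lets the owner withdraw them.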
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
