DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Valid

Tokens Stuck in AuctionFactory on Zero Bids

Summary

If no bids are placed during an auction, the auction tokens are transferred back to the owner of the auction, which is the factory contract. However, the factory contract lacks any logic to recover or transfer these tokens.

Vulnerability Details

The createAuction function in the factory contract creates a new auction contract and transfers the specified totalTokens from the msg.sender to the new auction contract. Because the factory is the deployer, the auction's owner is set to the AuctionFactory.

    constructor(
        address _fjordPoints,
        address _auctionToken,
        uint256 _biddingTime,
        uint256 _totalTokens
    ) {
        if (_fjordPoints == address(0)) {
            revert InvalidFjordPointsAddress();
        }
        if (_auctionToken == address(0)) {
            revert InvalidAuctionTokenAddress();
        }
        fjordPoints = ERC20Burnable(_fjordPoints);
        auctionToken = IERC20(_auctionToken);
        // msg.sender is the deploying AuctionFactory, so the factory becomes the owner
        owner = msg.sender;
        // ... rest of the constructor is not shown in this excerpt
    }

In the auctionEnd function of the auction contract, the tokens are supposed to be returned to the owner (the factory contract) if no bids are placed. However, the factory contract does not have any function to handle these tokens once they are returned. As a result, these tokens are effectively locked and cannot be retrieved.

    if (totalBids == 0) {
        //@audit tokens sent to factory
        auctionToken.transfer(owner, totalTokens);
        return;
    }

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L192

Impact

Permanent loss of the auction tokens when no bids are placed. Any tokens returned to the factory contract remain stuck there.

Tools Used

Manual

Recommendations

Change the auction owner from the AuctionFactory to a different contract or a user address.
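
One way to apply this recommendation, as an added sketch that is not the Fjord code or the submitter's patch: the factory passes the auction creator to the constructor as `owner`, so the zero-bid refund in `auctionEnd` goes to an address that can move the tokens. `SketchAuction`, `SketchAuctionFactory`, `IERC20Min`, the `_owner` constructor parameter and the `AuctionCreated` event are assumed names; bidding and settlement are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names are hypothetical, not the Fjord code base.
interface IERC20Min {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract SketchAuction {
    IERC20Min public immutable auctionToken;
    address public immutable owner;          // refund recipient, chosen by the factory
    uint256 public immutable auctionEndTime;
    uint256 public immutable totalTokens;
    uint256 public totalBids;                // stays 0 here: bidding is omitted
    bool public ended;

    constructor(address _auctionToken, address _owner, uint256 _biddingTime, uint256 _totalTokens) {
        require(_auctionToken != address(0) && _owner != address(0), "zero address");
        auctionToken = IERC20Min(_auctionToken);
        owner = _owner;                      // was: owner = msg.sender (the factory)
        auctionEndTime = block.timestamp + _biddingTime;
        totalTokens = _totalTokens;
    }

    function auctionEnd() external {
        require(block.timestamp >= auctionEndTime, "auction still running");
        require(!ended, "already ended");
        ended = true;
        if (totalBids == 0) {
            // Zero-bid refund now reaches an address that can move the tokens.
            require(auctionToken.transfer(owner, totalTokens), "refund failed");
            return;
        }
        // Settlement with bids is outside the scope of this sketch.
    }
}

contract SketchAuctionFactory {
    event AuctionCreated(address indexed auction, address indexed refundTo);

    function createAuction(address token, uint256 biddingTime, uint256 totalTokens) external {
        // Pass the creator through explicitly instead of relying on msg.sender in the auction.
        SketchAuction auction = new SketchAuction(token, msg.sender, biddingTime, totalTokens);
        require(IERC20Min(token).transferFrom(msg.sender, address(auction), totalTokens), "funding failed");
        emit AuctionCreated(address(auction), msg.sender);
    }
}
```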

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

If no bids are placed during the auction, the `auctionToken` will be permanently locked within the `AuctionFactory`

An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost. Likelihood: Low - Super small chances of happening, but not impossible.
