DeFiFoundry
20,000 USDC
Submission Details
Severity: high
Invalid

Unauthorized Access to `auctionEnd` Function

Summary

The `auctionEnd` function can be called by anyone, not just the owner of the contract. This can potentially allow any user to end the auction prematurely, affecting the auction's integrity.

Vulnerability Details

The `auctionEnd` function is designed to finalize the auction. However, it does not have any access control mechanism in place. This means that any address can call this function, which could lead to unauthorized users prematurely ending the auction.

Impact

An attacker could end the auction before it is actually supposed to end, potentially disrupting the auction process and affecting the distribution of tokens. This could undermine the fairness of the auction.

Tools Used

Manual Code Review

Recommendations

Implement access control for the `auctionEnd` function to ensure only authorized addresses (for example, the owner) can call it. Use the `Ownable` contract from OpenZeppelin or another access control mechanism to restrict access.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { Ownable } from "lib/openzeppelin-contracts/contracts/access/Ownable.sol";

contract FjordAuction is Ownable {
    // Existing code...

    // OpenZeppelin v5 Ownable requires the initial owner to be passed in.
    constructor() Ownable(msg.sender) {}

    // Only the owner can finalize the auction.
    function auctionEnd() external onlyOwner {
        // Existing code...
    }
}
```
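To show how the recommended guard behaves under test, here is an added example that is not part of the submission or the Fjord codebase: a minimal hypothetical `GuardedAuction` contract applying `onlyOwner`, with a Foundry test that checks a non-owner call reverts and the owner can end the auction exactly once. It assumes OpenZeppelin v5 (`Ownable` takes the initial owner) and forge-std are installed under `lib/`; the addresses are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Assumes OpenZeppelin v5 and forge-std.
import { Ownable } from "lib/openzeppelin-contracts/contracts/access/Ownable.sol";
import { Test } from "lib/forge-std/src/Test.sol";

// Hypothetical minimal auction that applies the recommended onlyOwner guard.
contract GuardedAuction is Ownable {
    bool public ended;

    constructor() Ownable(msg.sender) {}

    // Only the owner may finalize; a second call is rejected as well.
    function auctionEnd() external onlyOwner {
        require(!ended, "auction already ended");
        ended = true;
    }
}

contract GuardedAuctionTest is Test {
    GuardedAuction internal auction;
    address internal constant OWNER = address(0xA11CE);   // constructed address
    address internal constant STRANGER = address(0xB0B);  // constructed address

    function setUp() public {
        vm.prank(OWNER);               // deployer becomes the owner
        auction = new GuardedAuction();
    }

    function test_NonOwnerCannotEnd() public {
        vm.prank(STRANGER);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, STRANGER)
        );
        auction.auctionEnd();
        assertFalse(auction.ended());
    }

    function test_OwnerCanEndOnce() public {
        vm.prank(OWNER);
        auction.auctionEnd();
        assertTrue(auction.ended());
        vm.prank(OWNER);
        vm.expectRevert(bytes("auction already ended"));
        auction.auctionEnd();
    }
}
```

Run with `forge test --match-contract GuardedAuctionTest`; the first test documents the access-control failure mode the finding describes, the second confirms the guard does not block the legitimate caller.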
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
