The loss of auction tokens occurs when the total bids are zero when calling auctionEnd() in FjordAuction contract
Summary
The owner of the FjordAuctionFactory contract creates a new auction contract, FjordAuction, and transfers the auction tokens. If the auction ends with no bids placed, all the auction tokens are sent back to the owner of the FjordAuction contract, which is the FjordAuctionFactory contract. This results in the tokens being locked in the FjordAuctionFactory contract, making them impossible to withdraw.
Vulnerability Details
The FjordAuctionFactory contract creates a new auction contract, and within the constructor of the FjordAuction contract, the owner is set to msg.sender, which refers to the FjordAuctionFactory contract. The owner is initialized only in the constructor and cannot be changed afterward.
If the auction ends without any bids and anybody calls the auctionEnd() function, all the auction tokens will be transferred to the FjordAuctionFactory contract, where they will be permanently lost.
Impact
All the auction tokens will be transferred to the FjordAuctionFactory contract, where they will be irretrievably lost.
Tools Used
Manual review
Recommendations
When creating a new auction contract, the owner's address should be passed as an argument and assigned within the constructor.
Lead Judging Commences
If no bids are placed during the auction, the `auctionToken` will be permanently locked within the `AuctionFactory`
An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost Likelihood - Low - Super small chances of happening, but not impossible
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.