The `owner` in `FjordAuction` is the factory address when it is created through the `AuctionFactory`, instead of the `msg.sender`, which would cause the token to be blocked in the `AuctionFactory`.
When creating the `FjordAuction` through the `AuctionFactory`, the `owner` of the `FjordAuction` contract is assigned to `msg.sender`, which will be the `AuctionFactory` contract address.
When `auctionEnd` is invoked, if `totalBids` is 0, all `auctionToken` will be sent back to the `owner`. In this scenario, the owner is the `AuctionFactory` contract address. Since the `AuctionFactory` contract does not have a function to withdraw tokens, the tokens will be locked in the `AuctionFactory` contract, making them inaccessible.
We can check the auction balance with the following test (a tiny update in `AuctionFactory` to return the auction address):
The refund token while `totalBids == 0` will be locked in the `AuctionFactory` contract.
Manual
There could be several possible solutions:
- use `tx.origin` instead for `owner`
- pass the owner as a parameter while creating the auction contract
- add a withdraw function with an `onlyOwner` modifier in the auction factory contract
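The second option (passing the owner as a parameter), as an added sketch that is not the Fjord project's code. The contract names `AuctionSketch` and `AuctionFactorySketch`, the revert strings and the omitted bidding logic are assumptions made for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed, simplified contracts; names ending in "Sketch" are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract AuctionSketch {
    IERC20 public immutable auctionToken;
    address public immutable owner;
    uint256 public immutable totalTokens;
    uint256 public immutable auctionEndTime;
    uint256 public totalBids; // stays 0 here: bidding logic is omitted
    bool public ended;

    // Fix: the refund recipient is an explicit constructor argument.
    // The pattern described above is `owner = msg.sender;`, which in a
    // factory-driven deployment resolves to the factory's address.
    constructor(address _owner, IERC20 _token, uint256 _biddingTime, uint256 _totalTokens) {
        require(_owner != address(0), "owner is zero");
        owner = _owner;
        auctionToken = _token;
        totalTokens = _totalTokens;
        auctionEndTime = block.timestamp + _biddingTime;
    }

    function auctionEnd() external {
        require(block.timestamp >= auctionEndTime, "auction not over");
        require(!ended, "already ended");
        ended = true;
        if (totalBids == 0) {
            // Zero-bid refund now reaches an account that can move the tokens.
            require(auctionToken.transfer(owner, totalTokens), "refund failed");
        }
    }
}

contract AuctionFactorySketch {
    event AuctionCreated(address indexed auction);

    function createAuction(IERC20 token, uint256 biddingTime, uint256 totalTokens) external returns (address auction) {
        // msg.sender here is the caller of the factory, not the factory itself.
        auction = address(new AuctionSketch(msg.sender, token, biddingTime, totalTokens));
        require(token.transferFrom(msg.sender, auction, totalTokens), "funding failed");
        emit AuctionCreated(auction);
    }
}
```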
An auction with 0 bids will get the `totalTokens` stuck inside the contract.
Impact: High - Tokens are forever lost
Likelihood - Low - Super small chances of happening, but not impossible