Tokens returned to the AuctionFactory after an auction ends cannot be withdrawn, as there is no mechanism in place for doing so. This results in the tokens being permanently locked in the AuctionFactory contract.
In the FjordAuction::auctionEnd function, if an auction ends without any bids, all auction tokens are refunded to the owner, which is the AuctionFactory contract. However, the AuctionFactory contract lacks any function to withdraw these tokens, causing them to be permanently stuck within the contract.
https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L192-L195
Tokens may be permanently locked in the AuctionFactory contract, making them inaccessible and unusable.
Manual code review
Implement an onlyOwner function in the AuctionFactory contract that allows the withdrawal of tokens stored within it. This function will prevent tokens from being permanently locked.
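A minimal sketch of the recommended withdrawal function, as an added example that is not taken from the Fjord code base. The contract name, `recoverTokens`, the `TokensRecovered` event, the custom errors and the `owner` storage layout are all hypothetical, and OpenZeppelin's `IERC20`/`SafeERC20` are assumed to be available as a dependency.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @notice Illustrative stand-in for a factory that ends up holding auction
///         tokens refunded by an auction that closed with zero bids.
///         All names here are hypothetical, not the project's own.
contract AuctionFactoryRecoverySketch {
    using SafeERC20 for IERC20;

    // Assumption: the factory tracks a single privileged owner.
    address public owner;

    error NotOwner();
    error ZeroAddress();

    event TokensRecovered(address indexed token, address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// @notice Move tokens held by this contract (for example a refund from a
    ///         bid-less auction) to a chosen recipient.
    /// @param token  ERC-20 token currently held by this contract.
    /// @param to     Recipient; the zero address is rejected to avoid burning.
    /// @param amount Amount to transfer; the token reverts if it exceeds the balance.
    function recoverTokens(IERC20 token, address to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();
        // safeTransfer also handles tokens that return no boolean on transfer.
        token.safeTransfer(to, amount);
        emit TokensRecovered(address(token), to, amount);
    }
}
```

Emitting an event on every recovery gives off-chain monitoring a record of when and where refunded auction tokens leave the factory.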
An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost. Likelihood: Low - Super small chances of happening, but not impossible.