Tokens returned to the `AuctionFactory` after an auction ends cannot be withdrawn, as there is no mechanism in place for doing so. This results in the tokens being permanently locked in the `AuctionFactory` contract.
In the `FjordAuction::auctionEnd` function, if an auction ends without any bids, all auction tokens are refunded to the owner, which is the `AuctionFactory` contract. However, the `AuctionFactory` contract lacks any function to withdraw these tokens, causing them to be permanently stuck within the contract.
https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordAuction.sol#L192-L195
Tokens may be permanently locked in the `AuctionFactory` contract, making them inaccessible and unusable.
Manual code review
Implement an `onlyOwner` function in the `AuctionFactory` contract that allows the withdrawal of tokens stored within it. This function will prevent tokens from being permanently locked.
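A sketch of the recommended owner-only withdrawal, added here as an example and not the project's code. The contract name `RecoverableFactory`, the function `recoverTokens`, and its errors and event are hypothetical, and the factory is assumed to track a single `owner` address set at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Illustrative stand-in for the factory (hypothetical names throughout);
/// only the parts needed to show the withdrawal path are included.
contract RecoverableFactory {
    address public owner; // assumption: a single owner set at deployment

    error NotOwner();
    error ZeroAddress();
    error NotAContract();
    error TransferFailed();

    event TokensRecovered(address indexed token, address indexed to, uint256 amount);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Sends `amount` of `token` held by this contract to `to`.
    /// Covers auction tokens refunded to the factory when an auction ends with no bids.
    function recoverTokens(address token, address to, uint256 amount) external onlyOwner {
        if (to == address(0)) revert ZeroAddress();
        // A call to an address without code succeeds silently, so reject it up front.
        if (token.code.length == 0) revert NotAContract();
        // Low-level call so ERC-20 tokens that return no bool are still handled.
        (bool ok, bytes memory data) =
            token.call(abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
        if (!ok || (data.length != 0 && !abi.decode(data, (bool)))) revert TransferFailed();
        emit TokensRecovered(token, to, amount);
    }
}
```

The event gives monitoring a record of every recovery, which matters because the function can move any token balance the factory holds.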
An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost. Likelihood: Low - Super small chances of happening, but not impossible.