Funds will stucked in FjordAuctionFactory contract if Auction Ended with 0 Bids
Summary
Funds will locked in Auction factory contract if any Auction ended with no bids.
Vulnerability Details
When any auction ended with no bids then Auctioned Funds sent back to Owner,
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L192-L195
In Auction contract ownerset via contructor
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuction.sol#L134
If here we closely look then come to know that `owner` here is AuctionFactorycontract from where All Auctions are deployed
https://github.com/Cyfrin/2024-08-fjord/blob/main/src/FjordAuctionFactory.sol#L58-L60
In AuctionFactory contract there is no such methods to rescue those stucked funds
So thats why funds will be locked in that contract forever.
Impact
refer above
Tools Used
manual review
Recommendations
Auction Factory contract should implement some functions that will help to extract locked funds
Lead Judging Commences
If no bids are placed during the auction, the `auctionToken` will be permanently locked within the `AuctionFactory`
An auction with 0 bids will get the `totalTokens` stuck inside the contract. Impact: High - Tokens are forever lost Likelihood - Low - Super small chances of happening, but not impossible
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.