Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Auction profit will be locked in the StabilityPool

x1485967

Summary

Auction profit will be locked in the StabilityPool

Vulnerability Details

After we liquidate the unhealthy positions, we will transfer these liquidated NFTs to the NFTLiquidator contract to sell via auction. Bidders can bid for NFTs via native Ether. And we will send the native Ether back to the stabilityPool contract.

The problem is that we will use the crvUSD token to liquidate the unhealthy positions. The received native Ether will be stuck in the stability contract. Because we don't have one interface to transfer native Ether out of the stabilityPool contract or swap these native Ethers to crvUSD token.

function endAuction(uint256 tokenId) external {
TokenData storage data = tokenData[tokenId];
if (block.timestamp < data.auctionEndTime) revert AuctionNotEnded();
if (data.highestBidder == address(0)) revert NoBidsPlaced();
address winner = data.highestBidder;
uint256 winningBid = data.highestBid;
delete tokenData[tokenId];
nftContract.transferFrom(address(this), winner, tokenId);
payable(stabilityPool).transfer(winningBid);
emit AuctionEnded(tokenId, winner, winningBid);
}

Impact

Auction profit will be locked in the stabilityPool.

Tools Used

Manual

Recommendations

Add one interface to transfer native Ether out of stabilityPool contract.

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.