This function, buyBackNFT(), is supposed to be called by the owner of the particular tokenId. The owner pays a premium price, i.e. 110% of the debt value, in order to buy back their NFT. This lets the user recover their NFT and saves the protocol from accruing bad debt.
But currently there is no check in the function validating that msg.sender is indeed the owner of the particular tokenId. Hence anyone can call it, pay 110% of the debt value and buy back the NFT. In practice this is unlikely to happen, since no one would pay a premium when they can purchase the same NFT for a fraction of the price by calling placeBid().
placeBid() allows anyone to participate in the auction and purchase liquidated NFTs. But anyone, including the owner whose NFT got liquidated, can call this function and take part in the auction to get the NFT back.
In either case the NFT liquidation mechanism isn't working as intended, which over time would lead to accrual of bad debt and financial losses for the protocol. Ultimately no one will call buyBackNFT(), repay their debt and get back their NFT.
Accrual of bad debt and financial losses for the protocol.
Manual review
Implement checks such that:
placeBid() must ensure that only addresses other than the owner of the liquidated NFT can take part in the auction.
buyBackNFT() must ensure that no one other than the owner can call it.
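The two checks above in a minimal contract, as an added illustration written for this finding and not code from the audited protocol. The struct, mapping, error and event names, the `openLiquidation()` helper and the pull-payment refund are assumptions; only buyBackNFT(), placeBid(), tokenId and the 110% premium come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-721 surface needed here (assumption; a real contract would import
// OpenZeppelin's IERC721).
interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

/// Illustrative lending/liquidation contract written for this finding.
/// All names except buyBackNFT(), placeBid() and tokenId are assumptions.
contract NftLiquidationExample {
    struct Loan {
        address borrower;      // owner of the NFT at the time it was liquidated
        uint256 debt;          // outstanding debt in wei
        bool inAuction;        // true while the NFT can be bid on or bought back
        address highestBidder;
        uint256 highestBid;
    }

    uint256 public constant BUYBACK_PREMIUM_BPS = 11_000; // 110% of debt, in basis points

    IERC721 public immutable nft;
    mapping(uint256 => Loan) public loans;
    mapping(address => uint256) public pendingRefunds; // outbid bidders withdraw here

    error NotInAuction(uint256 tokenId);
    error NotBorrower(uint256 tokenId, address caller);
    error BorrowerMayNotBid(uint256 tokenId, address caller);
    error InsufficientPayment(uint256 required, uint256 sent);
    error BidTooLow(uint256 minimum, uint256 sent);

    event BoughtBack(uint256 indexed tokenId, address indexed borrower, uint256 paid);
    event BidPlaced(uint256 indexed tokenId, address indexed bidder, uint256 amount);

    constructor(IERC721 nft_) {
        nft = nft_;
    }

    /// Records a seized NFT (simplified; a real liquidation path would be access-controlled).
    function openLiquidation(uint256 tokenId, address borrower, uint256 debt) external {
        loans[tokenId] = Loan(borrower, debt, true, address(0), 0);
    }

    /// The first issue in the report: without the msg.sender check below,
    /// anyone could redeem the NFT at the 110% premium.
    function buyBackNFT(uint256 tokenId) external payable {
        Loan storage loan = loans[tokenId];
        if (!loan.inAuction) revert NotInAuction(tokenId);
        if (msg.sender != loan.borrower) revert NotBorrower(tokenId, msg.sender); // added check

        uint256 required = (loan.debt * BUYBACK_PREMIUM_BPS) / 10_000;
        if (msg.value < required) revert InsufficientPayment(required, msg.value);

        // Effects before interactions: close the auction and queue any standing bid for refund.
        loan.inAuction = false;
        if (loan.highestBidder != address(0)) {
            pendingRefunds[loan.highestBidder] += loan.highestBid;
        }
        nft.transferFrom(address(this), loan.borrower, tokenId);
        emit BoughtBack(tokenId, loan.borrower, msg.value);
    }

    /// The second issue in the report: the liquidated borrower must not be able
    /// to buy their own NFT back at auction for a fraction of the debt.
    function placeBid(uint256 tokenId) external payable {
        Loan storage loan = loans[tokenId];
        if (!loan.inAuction) revert NotInAuction(tokenId);
        if (msg.sender == loan.borrower) revert BorrowerMayNotBid(tokenId, msg.sender); // added check
        if (msg.value <= loan.highestBid) revert BidTooLow(loan.highestBid + 1, msg.value);

        // Queue the previous bidder's refund instead of pushing ETH to them.
        if (loan.highestBidder != address(0)) {
            pendingRefunds[loan.highestBidder] += loan.highestBid;
        }
        loan.highestBidder = msg.sender;
        loan.highestBid = msg.value;
        emit BidPlaced(tokenId, msg.sender, msg.value);
    }

    /// Pull-payment withdrawal for outbid bidders (avoids reentrancy on refund).
    function withdrawRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        pendingRefunds[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }
}
```

Both checks compare against the borrower address recorded when the loan was liquidated rather than the NFT's current owner, since the protocol holds the token during the auction. Note that the placeBid() check only blocks the trivial path: a borrower can bid from a second address, so the address check should be paired with an economic floor (for example a reserve price tied to the outstanding debt) so that the auction cannot settle below what the protocol is owed.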