Unhandled Unsold ZENO Tokens in Auction Contract
Summary
The Auction.sol contract does not provide a mechanism to handle unsold ZENO tokens after the auction ends (block.timestamp >= state.endTime) when totalRemaining > 0. The zeno.mint function is only called during the buying process, and there is no withdrawal function for the owner or businessAddress to retrieve the remaining ZENO. This results in unsold tokens being permanently locked in the contract, reducing the expected circulating supply and potentially disrupting the token economy without any recovery option.
Vulnerability Details
The contract initializes an auction with a fixed totalAllocated amount of ZENO tokens available for sale, tracked via state.totalRemaining. During the auction (startTime to endTime), the buy function mints ZENO to buyers and reduces totalRemaining.
-
If the auction concludes (block.timestamp >= state.endTime) and
totalRemaining> 0 (i.e., not all ZENO tokens are sold), there is no function to withdraw or reallocate the unsold tokens. Thezeno.mintfunction is only invoked within buy, and no administrative function exists to accesstotalRemainingpost-auction. -
This design oversight leaves unsold ZENO tokens effectively locked in the contract, as the contract does not own ZENO tokens directly but relies on the ZENO contract to mint them, and no further minting is triggered after endTime.
Impact
Loss of control over unsold assets,
Reduced trust in the auction mechanism
Potential economic misalignment in the RAAC ecosystem.
Tools Used
Manual Review
Recommendations
Add a Finalization Function:
with isFinalized variable to track whether the auction has been finalized to prevent double finalization with a new event AuctionFinalized.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.