Submission Details
Severity:
The StabilityPool contract does not have the function of accepting ETH, which makes the endAuction and buyBackNFT functions in NFTLiquidator invalid
Summary
The StabilityPool contract does not have the function of accepting ETH, which makes the endAuction and buyBackNFT functions in NFTLiquidator invalid.
Vulnerability Details
payable(stabilityPool).transfer(winningBid);
payable(stabilityPool).transfer(price);
From these two codes, we can see that stabilityPool needs to receive ETH, but the function of receiving ETH is not implemented in the stabilityPool.sol contract.
Impact
StabilityPool cannot accept ETH, causing the purchase and bidding nft logic in NFTLiquidator to fail to execute normally.
Tools Used
Manual review
Recommendations
Add the receive() function to the StabilityPool.sol contract:
event Received(address sender, uint256 amount);
receive() external payable {
emit Received(msg.sender, msg.value);
}
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool misses receive/fallback breaking the integration with NFTLiquidator
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool misses receive/fallback breaking the integration with NFTLiquidator
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.