Submission Details
Severity:
`StabilityPool` lacks receive/fallback function preventing ETH transfers from NFT liquidations
Description:
The NFTLiquidator::endAuction and NFTLiquidator::buyBackNFT functions attempt to transfer ETH to the StabilityPool during NFT buybacks:
function endAuction(uint256 tokenId) external {
// ...
payable(stabilityPool).transfer(winningBid); // <<<<<<
// ...
}
function buyBackNFT(uint256 tokenId) external payable {
// ...
payable(stabilityPool).transfer(price); // <<<<<<
// ...
}
However, the StabilityPool contract does not implement either receive() or fallback() functions. The transaction will automatically revert.
Impact:
Core protocol functionality (NFT liquidation) is broken
No way to complete NFT buybacks
Protocol cannot process liquidations properly
Recommended Mitigation:
Add receive or fallback function to StabilityPoolcontract.
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool misses receive/fallback breaking the integration with NFTLiquidator
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
StabilityPool misses receive/fallback breaking the integration with NFTLiquidator
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.