NFTs Get Stuck in NFTLiquidator.sol Due to Missing Auction Failover Mechanism in endAuction()
Summary
The endAuction() function in NFTLiquidator.sol is responsible for concluding an auction by transferring the NFT to the highest bidder. If no bids are placed by the auction’s end, the function reverts, leaving the NFT permanently stuck in the contract.
Since there is no mechanism to return the NFT to the original owner or relist it, the asset remains locked in NFTLiquidator.sol, making it inaccessible to both users and the protocol.
Vulnerability Details
endAuction() is designed to finalize NFT sales to the highest bidder.
It checks if the auction has ended:
And if there are any bidders:
If the auction has ended and there are no bidders the call to endAuction() will always revert making the listed NFT stuck in NFTLiquidator.sol.
Impact
Liquidity Lockup: The protocol cannot liquidate NFTs effectively, leading to bad debt accumulation.
NFTs get permanently locked in NFTLiquidator.sol, preventing users from reclaiming them.
Tools used
manual review
Recommendations
If the auction has ended and there are no bidders relist the NFT.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.