Bid Amount Sent to Auction Contract Owner in claimAuction Function Instead of NFT Owner #1010
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-971
edited-by-warden
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L108-L113
Vulnerability details
Impact
The highest bid amount is directed to the auction contract's owner instead of the rightful owner of the NFT.
Vulnerability Details
The claimAuction function transfers the winning bid amount to the owner of the auction contract (owner()) instead of to the owner of the auctioned token (ownerOfToken). In the same branch the token itself is transferred from ownerOfToken to the highest bidder, so the seller hands over the NFT and receives nothing, while the sale proceeds accrue to the contract owner. This happens whenever the auction winner successfully claims the auction.
Proof of Concept
Find the complete PoC template at https://gist.github.com/zzzuhaibmohd/9bf9d4961472560f1e03ed9a640debd6
For setup, run forge init and place the file nextGen.t.sol in the test folder.
Tools Used
Foundry
Recommended Mitigation Steps
To fix this issue, the bid amount should be sent to the correct recipient, namely the owner of the auctioned token (ownerOfToken), rather than to owner(). Below is the modified code snippet highlighting the necessary correction:
The Fix:
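As an added example (not the warden's PoC from the gist and not NextGen's own AuctionDemo.sol), the following is a simplified reconstruction of the claim flow with the payout recipient corrected, followed by a Foundry test that asserts the proceeds land with the token owner and not with owner(). The contract and function names DemoNFT, AuctionClaimExample and participateToAuction, the stand-in ERC721 (no receiver hook), and the seller/bidder addresses are assumptions; the end-time, auction-status and caller checks of the real contract are omitted so that only the recipient of the ETH is in play.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Minimal ERC721 stand-in for NextGenCore (assumption: only ownerOf, operator
// approval and transfer are needed here; the ERC721Receiver hook is omitted).
contract DemoNFT {
    mapping(uint256 => address) private _owners;
    mapping(address => mapping(address => bool)) private _operators;

    function mint(address to, uint256 id) external { _owners[id] = to; }
    function ownerOf(uint256 id) external view returns (address) { return _owners[id]; }
    function setApprovalForAll(address op, bool ok) external { _operators[msg.sender][op] = ok; }

    function safeTransferFrom(address from, address to, uint256 id) external {
        require(_owners[id] == from, "wrong owner");
        require(msg.sender == from || _operators[from][msg.sender], "not authorised");
        _owners[id] = to;
    }
}

// Simplified auction following the claimAuction flow described in the finding.
contract AuctionClaimExample {
    struct Bid { address bidder; uint256 bid; bool status; }

    DemoNFT public immutable gencore;
    address private immutable _owner;          // deployer, returned by owner()
    mapping(uint256 => Bid[]) private _bids;
    mapping(uint256 => bool) public auctionClaim;

    constructor(DemoNFT nft) { gencore = nft; _owner = msg.sender; }

    function owner() public view returns (address) { return _owner; }

    function participateToAuction(uint256 tokenId) external payable {
        _bids[tokenId].push(Bid(msg.sender, msg.value, true));
    }

    function claimAuction(uint256 tokenId) external {
        require(!auctionClaim[tokenId], "already claimed");
        auctionClaim[tokenId] = true;

        address ownerOfToken = gencore.ownerOf(tokenId);   // the seller
        (address highestBidder, uint256 highestBid) = _highest(tokenId);
        Bid[] storage bids = _bids[tokenId];

        for (uint256 i = 0; i < bids.length; i++) {
            if (bids[i].bidder == highestBidder && bids[i].bid == highestBid && bids[i].status) {
                // The token leaves the seller, so the proceeds must reach the seller too.
                gencore.safeTransferFrom(ownerOfToken, highestBidder, tokenId);
                // Vulnerable form paid the auction contract's owner instead:
                //   (bool success, ) = payable(owner()).call{value: highestBid}("");
                (bool success, ) = payable(ownerOfToken).call{value: highestBid}("");
                require(success, "payout failed");
            } else if (bids[i].status) {
                // Every other active bid is refunded to its bidder.
                (bool success, ) = payable(bids[i].bidder).call{value: bids[i].bid}("");
                require(success, "refund failed");
            }
        }
    }

    function _highest(uint256 tokenId) internal view returns (address bidder, uint256 amount) {
        Bid[] storage bids = _bids[tokenId];
        for (uint256 i = 0; i < bids.length; i++) {
            if (bids[i].status && bids[i].bid > amount) {
                amount = bids[i].bid;
                bidder = bids[i].bidder;
            }
        }
    }
}

// Foundry test: the check to run against the patched contract.
contract AuctionClaimTest is Test {
    DemoNFT nft;
    AuctionClaimExample auction;
    address deployer = makeAddr("deployer"); // becomes owner() of the auction
    address seller = makeAddr("seller");     // ownerOfToken for token 1
    address bidder = makeAddr("bidder");
    address loser = makeAddr("loser");

    function setUp() public {
        nft = new DemoNFT();
        vm.prank(deployer);
        auction = new AuctionClaimExample(nft);
        nft.mint(seller, 1);
        vm.prank(seller);
        nft.setApprovalForAll(address(auction), true);
        vm.deal(bidder, 2 ether);
        vm.deal(loser, 1 ether);
    }

    function testProceedsGoToTokenOwnerNotContractOwner() public {
        vm.prank(loser);
        auction.participateToAuction{value: 1 ether}(1);
        vm.prank(bidder);
        auction.participateToAuction{value: 2 ether}(1);

        vm.prank(bidder);
        auction.claimAuction(1);

        assertEq(nft.ownerOf(1), bidder);   // winner received the token
        assertEq(seller.balance, 2 ether);  // seller received the proceeds
        assertEq(deployer.balance, 0);      // contract owner received nothing
        assertEq(loser.balance, 1 ether);   // losing bid refunded
    }
}
```

Run with forge test in a project that has forge-std installed. Swapping the recipient back to owner() in the payout line makes the seller.balance and deployer.balance assertions fail, which is the behaviour this finding reports.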
Assessed type
Access Control