claimAuction() reverts, leading to permanent loss of auction bid funds.
#997
Labels
- 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
- bug: Something isn't working
- downgraded by judge: Judge downgraded the risk level of this issue
- duplicate-739
- satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L112
Vulnerability details
Impact
An attacker can participate in the auction through a smart contract that does not implement ERC721Receiver. claimAuction() will then revert with the error "ERC721: transfer to non ERC721Receiver implementer", and ALL of the auction bid funds will be permanently lost.
Proof of Concept
Run forge init in the project root, then set up the deployer script and test file:
Gist link to all files: link
The assertion failure shows that funds failed to be refunded to the participating user.
Tools Used
Manual Code Review, Forge
Recommended Mitigation Steps
ERC721Receiver implemented. A contract can selfdestruct or bypass the extcodesize() check and lead to the same issue, so it is recommended to implement the withdrawal pattern for participant refunds and winner claiming. This places the burden of proof on the refund/token receiver.
Assessed type
ETH-Transfer
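The failure mode described in this finding beside the withdrawal pattern recommended in the mitigation, as an added Solidity sketch that is not the NextGen AuctionDemo code: the contract names, the state layout and the assumption that the seller has approved the auction contract for the token are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified sketch written for this page; it is NOT the
// NextGen AuctionDemo code. Winner and losing bids are assumed to have
// been recorded during bidding, and the auction is assumed to be over.
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Vulnerable pattern: the token transfer and every refund run in ONE call.
// If `winner` is a contract without onERC721Received, safeTransferFrom
// reverts, the whole transaction is rolled back, and no loser is refunded.
contract PushClaim {
    IERC721 public nft;
    address public seller;   // assumed to have approved this contract
    address public winner;
    address[] public losers;
    mapping(address => uint256) public bids;

    function claimAuction(uint256 tokenId) external {
        nft.safeTransferFrom(seller, winner, tokenId); // reverts for a non-receiver
        for (uint256 i = 0; i < losers.length; i++) {
            (bool ok, ) = losers[i].call{value: bids[losers[i]]}(""); // failure ignored
        }
    }
}

// Withdrawal (pull) pattern: each party claims what it is owed in its own
// transaction, so a winner that cannot receive the token only blocks itself.
contract PullClaim {
    IERC721 public nft;
    address public seller;
    address public winner;
    mapping(address => uint256) public refunds; // credited to losers at close

    function claimToken(uint256 tokenId) external {
        require(msg.sender == winner, "not the winner");
        nft.safeTransferFrom(seller, winner, tokenId);
    }

    function withdrawRefund() external {
        uint256 amount = refunds[msg.sender];
        require(amount > 0, "nothing owed");
        refunds[msg.sender] = 0; // effects before interaction (no reentrancy)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund transfer failed");
    }
}
```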