Clearwood
commented
3 years ago Unimplemented functionality does not constitute a bug in itself
Closed code423n4 closed 3 years ago
Clearwood
commented
3 years ago Unimplemented functionality does not constitute a bug in itself
ghoul-sol
commented
3 years ago I guess what sponsor says that that functionality is not needed after all making this invalid.
Handle
0xRajeev
Vulnerability details
Impact
The comment “// TODO // GP: Sweep non relevant ERC20s / ETH” on missing logic indicates the need for an admin sweep of tokens (besides token1/token2) and ETH accidentally sent to this contract. However, this functionality is absent and may result in locked tokens/ETH.
Proof of Concept
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Liquidity/PostAuctionLauncher.sol#L318-L319
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add functionality or remove comment.