The comment “// TODO // GP: Sweep non relevant ERC20s / ETH” on missing logic indicates the need for an admin sweep of tokens (besides token1/token2) and ETH accidentally sent to this contract. However, this functionality is absent and may result in locked tokens/ETH.
Handle
0xRajeev
Vulnerability details
Impact
The comment “// TODO // GP: Sweep non relevant ERC20s / ETH” on missing logic indicates the need for an admin sweep of tokens (besides token1/token2) and ETH accidentally sent to this contract. However, this functionality is absent and may result in locked tokens/ETH.
Proof of Concept
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Liquidity/PostAuctionLauncher.sol#L318-L319
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add functionality or remove comment.