code-423n4 / 2024-05-gondi-mitigation-findings


H-05 MitigationConfirmed #54

Open c4-bot-10 opened 3 months ago

c4-bot-10 commented 3 months ago

Lines of code

Vulnerability details

Issue

When transferring the triggerFee, the function settleWithBuyout() used safeTransfer() instead of safeTransferFrom(). As a result, it will use funds from the contract to pay the fee instead of using the buyer's funds.

Mitigation

Changed from safeTransfer() to safeTransferFrom().

- asset.safeTransfer(_auction.originator, totalOwed.mulDivDown(_auction.triggerFee, _BPS));
+ asset.safeTransferFrom(buyer, _auction.originator, totalOwed.mulDivDown(_auction.triggerFee, _BPS));
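
Review bot: On the `+` line, `safeTransferFrom(buyer, ...)` pulls the trigger fee from whatever address `buyer` holds, and the hunk does not show where `buyer` is assigned. Confirm it is bound to the caller (for example `msg.sender`) rather than taken from caller-supplied input, since the pull succeeds against any address that has granted this contract an allowance. The buyer's allowance must now also cover `totalOwed.mulDivDown(_auction.triggerFee, _BPS)` in addition to anything else `settleWithBuyout()` pulls from them; a NatSpec line stating that requirement would help integrators, and a test asserting that the contract's own `asset` balance is unchanged by the fee payment would lock in the fix.
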
c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory