LIEN_TOKEN.ownerOf(i) should be LIEN_TOKEN.ownerOf(liensRemaining[i])
Summary
In endAuction(), the check for public vault owner is referred to the wrong lien token id. And the actual vault lien amount is not properly recorded.
Vulnerability Detail
The lien token id should be queried is liensRemaining[i] instead of i.
Impact
YIntercept will not be correctly recorded. The accounting for LienToken amounts will be wrong. Hence the totalAssets on book will be wrong, eventually the contract and users could lose fund due to the wrong accounting.
141345
high
LIEN_TOKEN.ownerOf(i)should beLIEN_TOKEN.ownerOf(liensRemaining[i])Summary
In
endAuction(), the check for public vault owner is referred to the wrong lien token id. And the actual vault lien amount is not properly recorded.Vulnerability Detail
The lien token id should be queried is
liensRemaining[i]instead ofi.Impact
YInterceptwill not be correctly recorded. The accounting for LienToken amounts will be wrong. Hence thetotalAssetson book will be wrong, eventually the contract and users could lose fund due to the wrong accounting.Code Snippet
https://github.com/sherlock-audit/2022-10-astaria/blob/main/lib/astaria-gpl/src/AuctionHouse.sol#L192-L204
Tool used
Manual Review
Recommendation
Change
LIEN_TOKEN.ownerOf(i)toLIEN_TOKEN.ownerOf(liensRemaining[i]).