Pre-funded FPAM auctions may lead seller to lose funds.
Summary
Pre-funded FPAM auctions may lead seller to lose funds if the auctions still have capacity when the auctions end. As FPAM does not implement _claimProceeds function, and seller cannot get his remaining capacity back.
Vulnerability Detail
The purchase function tansfers the sold tokens to purchaser. It the auction is pre-funded, and still have capacity when the auction ends, the remaing capacity cannot be refunded to seller. As the FPAM implements only the _auction and _purchase functions, and these two functions cannot refund remaining capacity to seller.
201: function purchase(
202: PurchaseParams memory params_,
203: bytes calldata callbackData_
204: ) external override nonReentrant returns (uint96 payoutAmount) {
...
277: // If not prefunded, collect payout from auction owner or callbacks contract, if not prefunded
278: // If prefunded, call the onPurchase callback
279:@> if (routing.funding == 0) {
...
299:@> } else {
...
310: // Decrease the funding amount (if applicable)
311: // Check invariant
312:@> if (routing.funding < payoutAmount + curatorFeePayout) revert InsufficientFunding();
313: unchecked {
314: routing.funding -= payoutAmount + curatorFeePayout;
315: }
316: }
...
329: }
0xJem
commented
5 months ago
ydlee
high
Pre-funded
FPAMauctions may lead seller to lose funds.Summary
Pre-funded
FPAMauctions may lead seller to lose funds if the auctions still have capacity when the auctions end. AsFPAMdoes not implement_claimProceedsfunction, and seller cannot get his remaining capacity back.Vulnerability Detail
The
purchasefunction tansfers the sold tokens to purchaser. It the auction is pre-funded, and still have capacity when the auction ends, the remaing capacity cannot be refunded to seller. As theFPAMimplements only the_auctionand_purchasefunctions, and these two functions cannot refund remaining capacity to seller.https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/AuctionHouse.sol#L277-L315
Impact
Pre-funded
FPAMauctions may lead seller to lose funds if the auctions still have capacity when the auctions end.Code Snippet
https://github.com/sherlock-audit/2024-03-axis-finance/blob/main/moonraker/src/AuctionHouse.sol#L277-L315
Tool used
Manual Review
Recommendation
Make sure
FPAMdo not support pre-funded auction when creating auctions.Duplicate of #94