Closed sherlock-admin2 closed 4 months ago
3 comment(s) were left on this issue during the judging contest.
WangAudit commented:
unfortunately have to grant it as low/info since the transfer reverts if fails and it's essentially a sanity check
WangAudit commented:
seems to be working as intended and the report is best practice; the problem is that the forking will be announced upfront and users will understand when the proposals should be created
karanctf commented:
low
gkelis
high
Winning bid funds transfer is not checked for success or failure, so that the _auction.amount can be lost.
Summary
Function _safeTransferETHWithFallback transfers the funds of the winning bid to the DAO, but does not return any boolean value. If the transfer fails, funds will never be added to the DAO.
Vulnerability Detail
When an auction is settled by NounsAuctionHouseV2.sol::_settleAuction, the winning bid is paid by NounsAuctionHouseV2.sol::_safeTransferETHWithFallback (nouns-contracts/contracts/NounsAuctionHouseV2.sol#L288).
_safeTransferETHWithFallback is void, there is no boolean value returned. In case the transfer of the funds fails, the auction is settled normally, but without any funds entering the DAO (nouns-contracts/contracts/NounsAuctionHouseV2.sol#L304-L309).
This issue is also valid for the contract NounsAuctionHouse.sol, instead of NounsAuctionHouseV2.sol, which is described here. Everything is the same, but the links are: https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHouse.sol#L236-L238, https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHouse.sol#L246-L251
Impact
Auction winning bid funds getting lost, if the transfer fails.
Code Snippet
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHouseV2.sol#L287-L289
Tool used
Manual Review
Recommendation
NounsAuctionHouseV2.sol::_safeTransferETHWithFallback to return a boolean.
_safeTransferETHWithFallback has succeeded, by a require or revert.
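As an added illustration of the recommendation (example code written for this page, not the Nouns contracts or the reporter's code), a fallback helper that reports whether the payout actually landed, and a settlement step that reverts when it did not. It assumes a WETH9-style deposit/transfer interface and a 30,000 gas stipend for the plain ETH send; both are assumptions, not values taken from the audited repository.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal WETH surface needed for the fallback path (assumption: a WETH9-style token).
interface IWETH {
    function deposit() external payable;
    function transfer(address to, uint256 value) external returns (bool);
}

// Hypothetical auction-house fragment, not the Nouns code. It demonstrates the two
// recommendations above: the fallback helper returns a success flag, and settlement
// checks that flag with require instead of ignoring a void call.
contract AuctionSettlementExample {
    address public immutable weth;
    address public immutable dao;

    constructor(address weth_, address dao_) {
        weth = weth_;
        dao = dao_;
    }

    // Plain ETH send with a fixed gas stipend (assumed value). A reverting or
    // gas-hungry recipient shows up as a false return rather than a revert here.
    function _safeTransferETH(address to, uint256 value) internal returns (bool) {
        (bool ok, ) = to.call{value: value, gas: 30_000}("");
        return ok;
    }

    // Try the ETH path first, then wrap to WETH. Because the function returns the
    // outcome of whichever path ran, the caller can tell a delivered payout from a lost one.
    function _safeTransferETHWithFallback(address to, uint256 amount) internal returns (bool) {
        if (_safeTransferETH(to, amount)) {
            return true;
        }
        IWETH(weth).deposit{value: amount}();
        return IWETH(weth).transfer(to, amount);
    }

    // Settlement refuses to complete if the winning bid never reached the DAO,
    // so the auction state and the treasury balance cannot silently diverge.
    function _payoutWinningBid(uint256 amount) internal {
        if (amount == 0) {
            return;
        }
        require(_safeTransferETHWithFallback(dao, amount), "winning bid payout failed");
    }
}
```

The trade-off the judge comments point at still applies: a require here turns a failed payout into a reverted settlement, so the DAO address and the WETH token must be ones that can always receive funds.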