If auction market finalization always reverts, the fund will be locked in the Crowdfund contract forever. #254
Labels
bug
Something isn't working
disagree with severity
Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/AuctionCrowdfund.sol#L212-L226
Vulnerability details
Impact
If auction market finalization always reverts, the fund will be locked in the Crowdfund contract forever. Even if CrowdfundLifecycle is expired. This causes fund loss.
If CrowdfundLifecycle is expired and we cannot finalize the auction, we should mark the crowdfund as "Lost" and return the fund to contributors.
Proof of Concept
If IMarketWrapper.finalize call always revert, it will always skip the block that set lastBid to 0 and _bidStatus to Finalized. Result in crowdfund never finalized and fund of contributors will be locked in the AuctionCrowdfund contract forever
Tools Used
Manual review
Recommended Mitigation Steps
You should create an emergency switch that can be toggled when both crowdfund is expired and IMarketWrapper.finalize revert. And check for that emergency switch if it is toggled and IMarketWrapper.finalize reverts, you should mark the crowdfund as lost ignoring fund lost due to a bug in the target marketplace.
The text was updated successfully, but these errors were encountered: