Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $30,000 USDC
Total HM: 12
Participants: 96
Period: 3 days
Judge: HardlyDifficult
Total Solo HM: 5
Id: 140
League: ETH
Rank: 77/96
Findings: 1
Award: $28.28
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x29A, 0x52, 0xNazgul, 0xNineDec, 0xc0ffEE, 0xf15ers, 0xkatana, BowTiedWardens, Chom, ElKu, Funen, GalloDaSballo, JC, JMukesh, JohnSmith, Lambda, Limbooo, MadWookie, MiloTruck, Nethermind, Noah3o6, Nyamcil, Picodes, PwnedNoMore, Randyyy, RoiEvenHaim, SmartSek, StErMi, Tadashi, TerrierLover, TomJ, Tomio, Treasure-Seeker, UnusualTurtle, Varun_Verma, Wayne, Waze, _Adam, apostle0x01, asutorufos, berndartmueller, c3phas, catchup, cccz, cloudjunky, codexploder, cryptphi, defsec, delfin454000, dipp, ellahi, exd0tpy, fatherOfBlocks, hansfriese, hyh, joestakey, kebabsec, kenta, masterchief, minhquanym, naps62, oyc_109, pashov, peritoflores, reassor, rfa, robee, sach1r0, saian, sashik_eth, shenwilly, simon135, slywaters, sorrynotsorry, sseefried, unforgiven, xiaoming90, ych18, zuhaibmohd, zzzitron
28.2781 USDC - $28.28
All other potential airdrops and royalties (ERC20, ERC721, ERC1155) are given to the bidder, so it only seems fair that ETH received in this manner should be given to the bidder as well.
ETH accumulated by the underlying ERC721 in the vault from royalties or airdrops is paid out to fractionalized ERC20 holders on buyout instead of the bidder
Redeem gives fractionalized ERC20 holders their proportion of the ETH in the contract less the curator fee and unsettled bid amount. This does not account for any ETH received by the NFT, such as royalties and airdrops, while the NFT is in the contract. This means that any ETH received in this manner will be given to fractionalized ERC20 holders on buyout instead of the bidder.
Add a fallback function that counts and stores all ETH received from calls with no data as ETH received by the NFT. Add another function that allows the bidder to withdraw this amount after the buyout is successful.
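The recommended mitigation above, sketched in Solidity as an added example; it is not the warden's or the project's code. Every contract, function and variable name is hypothetical, and the bid and buyout functions are simplified stand-ins that exist only to make the accounting reachable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added sketch; all names are hypothetical, not the audited contracts' own.
contract NftEthAccountingSketch {
    address public bidder;            // highest bidder; buyout winner once boughtOut is true
    bool public boughtOut;
    uint256 public curatorFee;        // fee owed to the curator
    uint256 public unsettledBids;     // refundable bids still held by the vault
    uint256 public ethReceivedByNft;  // ETH that arrived with empty calldata

    // Calls with no data land here and are booked as ETH earned by the NFT.
    // receive() cannot tell a royalty from any other plain transfer, and ETH
    // forced in through selfdestruct never executes it.
    receive() external payable {
        ethReceivedByNft += msg.value;
    }

    // Simplified stand-in for the bid flow (no refund logic). It is a call
    // with calldata, so its value is not counted by receive().
    function bid() external payable {
        require(!boughtOut, "already bought out");
        bidder = msg.sender;
    }

    // Simplified stand-in for a successful buyout.
    function completeBuyout() external {
        require(msg.sender == bidder, "not bidder");
        boughtOut = true;
    }

    // Amount that redeem would split pro rata among the ERC20 holders:
    // the NFT-earned ETH is excluded alongside the fee and unsettled bids.
    function redeemableBalance() public view returns (uint256) {
        return address(this).balance - curatorFee - unsettledBids - ethReceivedByNft;
    }

    // Winning bidder collects the NFT-earned ETH after the buyout.
    function withdrawNftEth() external {
        require(boughtOut && msg.sender == bidder, "not buyout winner");
        uint256 amount = ethReceivedByNft;
        ethReceivedByNft = 0; // zero before the external call to block reentrancy
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}
```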
#0 - HardlyDifficult
2022-07-03T15:00:31Z
This seems like a consideration aiming to improve the design. It's not clear that this would be the better solution and it does not seem to break the protocol -- so lowering the risk and converting this into a QA report for the warden.