This repository was archived by the owner on Aug 3, 2025. It is now read-only.

Recumbent Lead Crane - endAuction() might suffer from donation attack #1046

@sherlock-admin2

Recumbent Lead Crane

Medium

endAuction() might suffer from donation attack

Summary

The endAuction() function in Auction.sol relies on the totalSellReserveAmount >= (IERC20(sellReserveToken).balanceOf(pool) * poolSaleLimit) / 100 condition to set the auction state to FAILED_POOL_SALE_LIMIT. This exposes the function to a donation attack, since an attacker can send some sellReserveToken to the pool to make this condition validated and get the auction state set to FAILED_POOL_SALE_LIMIT.

Root Cause

In Auction.sol:341-342
https://github.com/sherlock-audit/2024-12-plaza-finance/blob/main/plaza-evm/src/Auction.sol#L341-L342
auction state FAILED_POOL_SALE_LIMIT condition

In Auction.sol:356
https://github.com/sherlock-audit/2024-12-plaza-finance/blob/main/plaza-evm/src/Auction.sol#L356

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

No response

Impact

This will cause claimBid() to revert AuctionFailed()

PoC

No response

Mitigation

Use internal tracking of sellReserveToken balance.
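
Added example, not part of the original report and not Plaza's code: a simplified Python model of the condition quoted in the Summary, evaluated once against the live token balance and once against an internally tracked reserve as the Mitigation suggests. `Token`, `Pool`, `tracked_reserve`, the account names and all amounts are constructed assumptions.

```python
# Simplified model of the sale-limit check; constructed for illustration, not Plaza's code.

class Token:
    """Minimal ERC-20-style ledger: any holder can transfer to any address."""
    def __init__(self):
        self.balances = {}

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)


class Pool:
    """Hypothetical pool that also keeps its own reserve counter."""
    ADDRESS = "pool"

    def __init__(self, token):
        self.token = token
        self.tracked_reserve = 0  # only changes through deposit()

    def deposit(self, sender, amount):
        self.token.transfer(sender, self.ADDRESS, amount)
        self.tracked_reserve += amount


def exceeds_sale_limit(total_sell_reserve_amount, reserve, pool_sale_limit):
    # Condition quoted in the report, with Solidity-style integer division.
    return total_sell_reserve_amount >= (reserve * pool_sale_limit) // 100


def run_scenario(total_sell=900, pool_sale_limit=90):
    token = Token()
    pool = Pool(token)
    token.mint("depositor", 1000)
    token.mint("outsider", 500)
    pool.deposit("depositor", 1000)

    def check():
        live = exceeds_sale_limit(total_sell, token.balance_of(Pool.ADDRESS), pool_sale_limit)
        tracked = exceeds_sale_limit(total_sell, pool.tracked_reserve, pool_sale_limit)
        return live, tracked

    before = check()
    token.transfer("outsider", Pool.ADDRESS, 500)  # direct transfer, bypasses deposit()
    return before, check()
```

`run_scenario()` returns the (live, tracked) result of the check before and after the direct transfer; only the live-balance result changes.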
