No TGLD recover mechanism in `DaiGoldAuction` when the auction ends without any bid
Vulnerability Details
In DaiGoldAuction contract, when an auction ends with no bids, the TGLD tokens are locked into the contract and can’t be recovered. recoverToken can not be used to recover TGLD tokens because it will revert when the auction epoch ends:
There is no other way to recover the auction tokens. As a consequence, the TGLD tokens will be permanently locked in the contract
Impact
If the auction epoch ends without any bid, the TGLD tokens will be permanently locked in the contract
Tools Used
Manual Review
Recommendations
Consider adding a separate function that recovers TGLD tokens when the auction epoch ends without any bids. Similar to the one implemented in SpiceAuction::recoverAuctionTokenForZeroBidAuction
Lead Judging Commences
Auctioned tokens cannot be recovered for epochs with empty bids in DaiGoldAuction
Appeal created
Auctioned tokens cannot be recovered for epochs with empty bids in DaiGoldAuction
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.