Anyone can manipulate auction start time on DaiGoldAuction contract
Summary
If anyone can start the minting process on DaiGoldAuction - they can manipulate the start time of an auction since the auction start depends based on the minimum amount of TempleGold it holds.
Vulnerability Details
Lets say the minimum auction start amount must be 55 TG tokens and the minimum mint amount on TempleGold contract is 10. Minting 1 token takes 1 second wait time.
If we mint after 55 seconds, we will be able to start the auction immediately - but notice that if we mint after 54 seconds, we will have to wait another 10 seconds to be able to start the auction.
It increases the wait time for the auction to start to 9 seconds.
This is just an simple example but if brought up to a larger scale, it can certainly impact the auction start much more.
Vulnerability stems from the fact that anyone can call the mint function and start the distribution process.
Impact
Auction start time can be easily manipulated. Severity is put as low since we consider that to not be a vulnerability - but if the sponsors feel otherwise we would like to hear from them.
Tools Used
Manual review
Recommendations
Either restrict the mint process or accept the current design.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.