TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

MEV Exploit via Frontrunning Bids in the `bid` Function

Summary

The `bid` function in the `DaiGoldAuction` contract is susceptible to MEV exploits. A miner can frontrun bids to secure a better price for Temple Gold (TGLD) tokens, resulting in a potential loss for legitimate users.

Vulnerability Details

The `bid` function allows users to place bids by transferring DAI to the treasury in exchange for a share of TGLD tokens. However, the function does not implement any mechanism to prevent frontrunning.

Miners or other entities with mempool visibility can observe incoming high bids and place their own bids just before the observed transactions are confirmed. This allows them to secure TGLD tokens at a more favorable rate and potentially sell them at a higher price, extracting value at the expense of other users.

Case Study:

  1. A miner or an attacker monitors the mempool for high-value incoming bid transactions.

  2. Just before the high-value transactions are confirmed, the miner places a bid with a slightly higher gas fee, ensuring their transaction is processed first.

  3. After securing the TGLD tokens at a more favorable rate, the miner can sell them at a higher price, extracting value.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L132

```solidity
function bid(uint256 amount) external virtual override onlyWhenLive {
    if (amount == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }
    // Pull the bid token from the caller straight to the treasury.
    bidToken.safeTransferFrom(msg.sender, treasury, amount);
    // Record the bid against the caller for the current epoch.
    uint256 epochIdCache = _currentEpochId;
    depositors[msg.sender][epochIdCache] += amount;
    // Add the bid to the epoch's running total.
    EpochInfo storage info = epochs[epochIdCache];
    info.totalBidTokenAmount += amount;
    emit Deposit(msg.sender, epochIdCache, amount);
}
```

Impact

Frontrunning is a well-known issue in blockchain transactions, and miners have the capability to exploit this vulnerability. This exploit can lead to significant financial losses for users participating in the auction.

Tools Used

Manual Review

Recommendations

To mitigate MEV risks, implement a commit-reveal scheme or bid blinding mechanism:

  1. Commit-Reveal Scheme: Users first submit a commitment (a hash of their bid) and later reveal their bid in a separate transaction.

  2. Bid Blinding: Bids are encrypted or otherwise obfuscated to prevent miners from observing the bid amounts in the mempool.
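The commit-reveal flow from recommendation 1, sketched as an added example that is not part of the original submission or of TempleDAO's code. The contract name `CommitRevealBids`, its functions, errors and the two time windows are all hypothetical, and token transfers and the auction's epoch handling are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a minimal commit-reveal bid ledger. Not TempleDAO code.
// All names here are hypothetical; payment and epoch logic are omitted on purpose.
contract CommitRevealBids {
    uint256 public immutable commitDeadline; // last timestamp accepted by commit()
    uint256 public immutable revealDeadline; // last timestamp accepted by reveal()

    mapping(address => bytes32) public commitments;
    mapping(address => uint256) public revealedBids;
    uint256 public totalRevealed;

    error PhaseClosed();
    error AlreadyCommitted();
    error ExpectedNonZero();
    error CommitmentMismatch();

    constructor(uint256 commitWindow, uint256 revealWindow) {
        commitDeadline = block.timestamp + commitWindow;
        revealDeadline = commitDeadline + revealWindow;
    }

    // Binding the hash to the bidder and to this contract stops a copied
    // commitment from being replayed by another address or in another auction.
    function commitmentFor(address bidder, uint256 amount, bytes32 salt) public view returns (bytes32) {
        return keccak256(abi.encode(address(this), bidder, amount, salt));
    }

    // Phase 1: only the hash is visible in the mempool, not the amount.
    function commit(bytes32 commitment) external {
        if (block.timestamp > commitDeadline) revert PhaseClosed();
        if (commitments[msg.sender] != bytes32(0)) revert AlreadyCommitted();
        commitments[msg.sender] = commitment;
    }

    // Phase 2: opens only after commits are closed, so a revealed amount
    // can no longer influence anyone else's commitment.
    function reveal(uint256 amount, bytes32 salt) external {
        if (block.timestamp <= commitDeadline || block.timestamp > revealDeadline) revert PhaseClosed();
        if (amount == 0) revert ExpectedNonZero();
        if (commitmentFor(msg.sender, amount, salt) != commitments[msg.sender]) revert CommitmentMismatch();
        delete commitments[msg.sender]; // one reveal per commitment
        revealedBids[msg.sender] = amount;
        totalRevealed += amount;
    }
}
```

The salt must be random and kept secret until the reveal, otherwise the amount can be recovered by hashing candidate values. A transfer of the exact bid amount at commit time would disclose it, so payment has to be collected at reveal or covered by a fixed deposit.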

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
