TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Auction does not last the full duration because of off by one error

arnie

Summary

Auction does not last the full duration because of off by one error

Vulnerability Detail

The auction duration is how long the auction should be open for and accepting bids. The problem occurs when we set the endtime of the auction to include part of the duration.

uint128 endTime = info.endTime = startTime + config.duration;

as we can see from the snippet above the endTime is set to the startTime + the duration of the auction. But if we check what constitutes an ended auction we will observe the followig...

function hasEnded(IAuctionBase.EpochInfo storage info) internal view returns (bool) {
return info.endTime <= block.timestamp;
}

as we can see if the end time is <= the timestamp then the auction has ended.

This means that the duration of the the auction is actually Duration -1 and not actually the full duration. Users who expect the auction to be open for the entire duration will not be able to bid when they should because of the off by one error.

Impact

Auction End time is set while the auction should technically be running because of off by one error. Auction will end when it shouldnt and no allow users to bid when they should.

Code Snippet

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/SpiceAuction.sol#L170

Tool used

Manual Review

Recommendation

set the end time to be 1 more than the duration + auction start time in order for the auction to run the full duration.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.