removeAuctionConfig function doesn't work as intended
Summary
In SpiceAuction, removeAuctionConfigis used to remove the auction config. But it is not working as intended and it's behaviour varies in removing the auction config depending on whether the current auction is in cooldown or is active(started).
Vulnerability Details
The function removeAuctionConfigis not only used to remove the current auction config(under certain scenarios) but can also be used to remove the next auction config(denoted by configSetButAuctionStartNotCalled in the function). However, due to following check added in the function removeAuctionConfig, the next auction can be removed in certain cases only.
https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/SpiceAuction.sol#L115-L118
if configSetButAuctionStartNotCalledis true, it removes the next auction config from auctionConfigsarray. However, this can only be removed if current ongoing auction is in cooldown but not active because the function will revert if info.isActive()is true. This condition is not necessary to be checked when removing the next auction config. The daoExecutorwill need to wait till current auction is over to remove the next auction config due to these cases.
Impact
Different behaviour in removeAuctionConfig in removing next auction config depending on different phase(cooldown or active) of current ongoing auction.
Tools Used
Manual review
Recommendations
The check info.isActive()should not revert when configSetButAuctionStartNotCalled because removing next auction config doesn't depend on current ongoing auction state.
Lead Judging Commences
removing next auction config shouldn't depend on current ongoing auction state
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.