TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Imprecise auction end timing due to block timestamp equality check

Summary

Imprecise auction end timing due to block timestamp equality check

Vulnerability Details

The hasEnded function in the smart contract uses a <= comparison with block.timestamp, which can lead to premature determination of auction end.

function hasEnded(IAuctionBase.EpochInfo storage info) internal view returns (bool) {
    return info.endTime <= block.timestamp;
}

https://github.com/Cyfrin/2024-07-templegold/blob/6c3980a0486c01114d0ef1281df188b6c01991e6/protocol/contracts/templegold/EpochLib.sol#L13C2-L15C6

This vulnerability affects several critical functions that rely on hasEnded():

  1. setAuctionConfig

  2. setAuctionStarter

  3. setBidToken

  4. startAuction

  5. claim

  6. recoverToken

https://github.com/Cyfrin/2024-07-templegold/blob/6c3980a0486c01114d0ef1281df188b6c01991e6/protocol/contracts/templegold/DaiGoldAuction.sol#L103

These functions may execute or revert incorrectly due to imprecise auction end determination.

Functions like setAuctionConfig, setAuctionStarter, and setBidToken may execute slightly earlier than intended, potentially during the last block of an auction.

The claim function might allow users to claim rewards slightly earlier than intended.

The root cause of this bug is the use of <= in the hasEnded function which allows for exact equality with block.timestamp.

Impact

The affected functions will execute or revert incorrectly due to imprecise auction end determination.

Tools Used

Manual review

Recommendations

It is recommended to remove "=" from the hasEnded function:

function hasEnded(IAuctionBase.EpochInfo storage info) internal view returns (bool) {
    return info.endTime < block.timestamp;
}
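The following Foundry test is an added example, not part of the submission or the TempleGold code base. It pins down how the two comparisons quoted above behave one second before, exactly at, and one second after endTime; EndCheckHarness, the uint256 type for endTime and the sample timestamp are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical harness: a minimal stand-in for the end check, not the project's EpochLib.
contract EndCheckHarness {
    uint256 public endTime; // assumed type; the page does not show the EpochInfo struct

    constructor(uint256 _endTime) {
        endTime = _endTime;
    }

    // Comparison as quoted in the submission.
    function hasEndedInclusive() external view returns (bool) {
        return endTime <= block.timestamp;
    }

    // Comparison proposed under Recommendations.
    function hasEndedStrict() external view returns (bool) {
        return endTime < block.timestamp;
    }
}

contract EndCheckBoundaryTest is Test {
    uint256 internal constant END = 1_000_000; // constructed sample timestamp
    EndCheckHarness internal h;

    function setUp() public {
        h = new EndCheckHarness(END);
    }

    // Walk the three timestamps around the boundary and record both results.
    function test_boundary() public {
        vm.warp(END - 1);
        assertFalse(h.hasEndedInclusive());
        assertFalse(h.hasEndedStrict());
        vm.warp(END);
        assertTrue(h.hasEndedInclusive()); // ended at block.timestamp == endTime
        assertFalse(h.hasEndedStrict()); // still running at block.timestamp == endTime
        vm.warp(END + 1);
        assertTrue(h.hasEndedInclusive());
        assertTrue(h.hasEndedStrict());
    }

    // For any timestamp, the two checks disagree only when block.timestamp == endTime.
    function testFuzz_onlyDiffersAtEnd(uint256 ts) public {
        vm.warp(ts);
        assertEq(h.hasEndedInclusive() != h.hasEndedStrict(), ts == END);
    }
}
```

A boundary test like this makes the intended semantics of endTime (last second of the auction, or first second after it) an explicit, reviewable decision.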

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

sabit Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
