The _totalAuctionTokenAllocation is not reset when removeAuctionConfig is called under certain conditions, leading to potential token duplication and unrecoverable tokens. Additionally, the logic for setting and removing configurations during auction cooldown periods is inconsistent.
The _totalAuctionTokenAllocation mapping is not reset when removeAuctionConfig is called in cases where configSetButAuctionStartNotCalled is false. This can cause duplication issues if the configuration is removed and then set again. Specifically, the recoverToken function will allow the recovery of fewer auction tokens than expected, potentially leaving tokens unrecoverable forever. The issue arises in particular when there is an auction start cooldown after calling startAuction and removeAuctionConfig is subsequently called. The current code structure also allows setting the next configuration while not permitting the removal of a configuration if the auction is in progress, which is inconsistent.
High. It is possible to remove more tokens than were allocated for claim, and those values cannot be reset.
Manual review
To resolve this issue, ensure that _totalAuctionTokenAllocation is properly reset or adjusted when removeAuctionConfig is called, particularly when configSetButAuctionStartNotCalled is false. This will prevent duplication and ensure that tokens are recoverable as expected. Additionally, refactor the logic in removeAuctionConfig to handle the removal of configurations more consistently, even during auction cooldown periods, and ensure that the next configuration can only be set when appropriate. This will help maintain the integrity of the auction process and prevent potential token recovery issues.
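The accounting drift and the recommended adjustment, as an added example that is not the audited contract's code: a simplified Python model rather than Solidity. The class, its fields, the funding rule in start_auction and the recoverable formula are assumptions made for illustration; only the identifiers named in the comments come from the finding.

```python
# Simplified model (assumed, not the audited contract): one auction token, claims ignored.
class AuctionModel:
    def __init__(self, reset_on_remove, balance):
        self.reset_on_remove = reset_on_remove  # False = behaviour described in the finding
        self.balance = balance                  # auction tokens held by the contract
        self.total_allocation = 0               # stands in for _totalAuctionTokenAllocation
        self.epochs = {}                        # epoch id -> tokens allocated to that epoch
        self.current_epoch = 0
        self.next_config_set = False            # stands in for configSetButAuctionStartNotCalled

    def set_auction_config(self):
        self.next_config_set = True

    def start_auction(self):
        # Assumption: a new epoch is funded with every token not yet allocated.
        amount = self.balance - self.total_allocation
        self.current_epoch += 1
        self.epochs[self.current_epoch] = amount
        self.total_allocation += amount
        self.next_config_set = False

    def remove_auction_config(self):
        if self.next_config_set:
            # Config set but startAuction not called: nothing was allocated yet.
            self.next_config_set = False
            return
        # Auction started but still in cooldown: the epoch itself is deleted.
        amount = self.epochs.pop(self.current_epoch)
        self.current_epoch -= 1
        if self.reset_on_remove:
            self.total_allocation -= amount     # the adjustment the finding recommends

    def recoverable(self):
        return self.balance - self.total_allocation

    def allocation_drift(self):
        # Invariant for tests: 0 when the running total matches the live epochs.
        return self.total_allocation - sum(self.epochs.values())


def cooldown_removal(reset_on_remove, funded=1000):
    # Constructed scenario: fund, configure, start, then remove during the cooldown.
    m = AuctionModel(reset_on_remove, funded)
    m.set_auction_config()
    m.start_auction()
    m.remove_auction_config()
    return m.recoverable(), m.allocation_drift()
```

Without the adjustment the model reports nothing recoverable and a drift equal to the removed epoch's allocation; with it, the full balance is recoverable and the drift is zero, which makes allocation_drift a usable invariant for a test suite.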