TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

`DaiGoldAuction` cannot recover tokens from no-bid auctions

merlinboii

Summary

The DaiGoldAuction contract lacks a mechanism to recover the TGLD auction tokens when there are no bids for the epoch auction.

As a result, the TGLD tokens will be locked in the DaiGoldAuction contract.

Vulnerability Details

The DaiGoldAuction contract lacks a mechanism to recover the TGLD auction tokens when there are no bids for the epoch auction.

Additionally, the DaiGoldAuction.recoverToken() does not support this recovery process.

Impact

The TGLD tokens will be locked in the DaiGoldAuction contract and will be unrecoverable.

Proof of Concept

Setup

Put the snippet below into the protocol test suite: test/forge/templegold/DaiGoldAuction.t.sol
Run test: forge test --mt test_auction_with_no_bid -vvv

Working Test Case

function test_auction_with_no_bid() public {

_setVestingFactor(templeGold);

skip(1 days);

//start auction

vm.startPrank(executor);

IDaiGoldAuction.AuctionConfig memory _config = _getAuctionConfig();

daiGoldAuction.setAuctionConfig(_config);

_startAuction();

IAuctionBase.EpochInfo memory info = daiGoldAuction.getEpochInfo(daiGoldAuction.currentEpoch());

// end auction time with 0 bidAmount

vm.warp(info.endTime);

uint256 recoverAmount = info.totalAuctionTokenAmount;

uint256 totalBidTokenAmount = info.totalBidTokenAmount;

// assertion of the TGLD distribution amount and 0 bid amount

assertEq(templeGold.balanceOf(address(daiGoldAuction)), recoverAmount);

assertEq(totalBidTokenAmount, 0);

assertEq(templeGold.balanceOf(address(bidToken)), totalBidTokenAmount);

// expectation: the recoverToken() can not use for this approach as the auction is ended

vm.expectRevert(abi.encodeWithSelector(IAuctionBase.AuctionEnded.selector));

daiGoldAuction.recoverToken(address(templeGold), alice, recoverAmount);

vm.stopPrank();

}

Results of running the test:

Ran 1 test for test/forge/templegold/DaiGoldAuction.t.sol:DaiGoldAuctionTest

[PASS] test_auction_with_no_bid() (gas: 324179)

Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 842.01ms (188.08µs CPU time)

Ran 1 test suite in 996.79ms (842.01ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)

Tools Used

Foundry
Manual Review

Recommendations

Update the DaiGoldAuction contract to include a mechanism that allows the recovery of TGLD tokens when there are no bids for an epoch auction.

This could involve adding a function that can be called by onlyElevatedAccess to recover unauctioned tokens.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Auctioned tokens cannot be recovered for epochs with empty bids in DaiGoldAuction

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.