TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

DaiGoldAuction claim will always leave some dust inside the contract

pyro

Summary

DaiGoldAuction claim will always leave some dust inside the contract

Vulnerability Details

claim calculates how much each user is owned by multiplying bidTokenAmount by totalAuctionTokenAmount and then dividing the result by totalBidTokenAmount, while rounding down.

uint256 claimAmount = bidTokenAmount.mulDivRound(info.totalAuctionTokenAmount, info.totalBidTokenAmount, false);

templeGold.safeTransfer(msg.sender, claimAmount);

However unlike SpiceAuction, DaiGoldAuction has no way to retrieve the dust that is left out. This may seems small at first glance, but this rounding will round down on every claim call, on every auction, slowly accumulating over time.

Impact

Small amounts of tokens will end up stuck inside the contract.

Tools Used

Manual review

Recommendations

Create a function to rescue this dust, or use the _claimedAuctionTokens mechanic from SpiceAuction.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Due to the way claim works in DAIGoldAuction there will always be some TGLD left inside the contract.

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.