Summary
Starting an auction requires a starter address to be set up, but nothing checks that it was set and that it is not equal to address(0).
Vulnerability Details
To start an auction, the following function must be called:
function startAuction() external override {
    uint256 epochId = _currentEpochId;
    SpiceAuctionConfig storage config = auctionConfigs[epochId+1];
    if (config.duration == 0) { revert CannotStartAuction(); }
@>  if (config.starter != address(0) && msg.sender != config.starter) { revert CommonEventsAndErrors.InvalidAccess(); }
    ...
}
config.starter should be set up prior to that call.
The auction config is set up here:
function setAuctionConfig(SpiceAuctionConfig calldata _config) external onlyDAOExecutor {
    uint256 currentEpochIdCache = _currentEpochId;
    if (currentEpochIdCache > 0) {
        EpochInfo storage info = epochs[currentEpochIdCache];
        if (info.isActive()) { revert InvalidConfigOperation(); }
    }
    if (_config.duration < MINIMUM_AUCTION_PERIOD
        || _config.duration > MAXIMUM_AUCTION_DURATION
        || _config.waitPeriod > MAXIMUM_AUCTION_WAIT_PERIOD) { revert CommonEventsAndErrors.InvalidParam(); }
    if (_config.waitPeriod == 0
        || _config.minimumDistributedAuctionToken == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }
    if (_config.recipient == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
    currentEpochIdCache += 1;
    auctionConfigs[currentEpochIdCache] = _config;
    emit AuctionConfigSet(currentEpochIdCache, _config);
}
But there is no check here that the starter address is not equal to address(0), and there is no other function where a starter can be set.
So if it is missed at the setup stage, the auction will not be able to start.
Impact
Users will not be able to start an auction.
Tools Used
Manual review
Recommendations
Consider adding a zero address check to prevent an empty starter address.
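The recommended check, sketched as an added example (not the audited contract's code): a reduced Solidity model in which setAuctionConfig rejects a zero starter. The contract name, the trimmed AuctionConfig struct and its field types, the daoExecutor stand-in and the epoch increment are assumptions; only the field names, the error names and the startAuction condition come from the code above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a reduced model of the config path, not the audited contract.
contract StarterCheckExample {
    // Assumed, reduced struct: only the fields this finding touches.
    struct AuctionConfig {
        uint32 duration;
        address starter;
        address recipient;
    }

    error InvalidAddress();
    error InvalidAccess();
    error CannotStartAuction();

    address public immutable daoExecutor; // hypothetical stand-in for onlyDAOExecutor
    uint256 public currentEpochId;
    mapping(uint256 => AuctionConfig) public auctionConfigs;

    constructor(address _daoExecutor) {
        daoExecutor = _daoExecutor;
    }

    function setAuctionConfig(AuctionConfig calldata _config) external {
        if (msg.sender != daoExecutor) revert InvalidAccess();
        if (_config.recipient == address(0)) revert InvalidAddress();
        // Recommended addition: reject an unset starter at configuration time.
        if (_config.starter == address(0)) revert InvalidAddress();
        auctionConfigs[currentEpochId + 1] = _config;
    }

    function startAuction() external {
        AuctionConfig storage config = auctionConfigs[currentEpochId + 1];
        // A slot that was never written has duration 0 and stops here.
        if (config.duration == 0) revert CannotStartAuction();
        // Same condition as on the page. Every config written by setAuctionConfig
        // now has a non-zero starter, so only that address gets past this line.
        if (config.starter != address(0) && msg.sender != config.starter) revert InvalidAccess();
        currentEpochId += 1; // assumed epoch advance for this reduced model
    }
}
```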