TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Users will not be able to start an Auction

Summary

To start an auction, a starter address should be set up, but there is no check that it was set up and that it is not equal to address(0).

Vulnerability Details

To start an Auction the next function should be called:

function startAuction() external override {
    uint256 epochId = _currentEpochId;
    /// @dev config is always set for next auction
    /// @notice Configuration is set before auctions so configId = currentEpochId + 1;
    SpiceAuctionConfig storage config = auctionConfigs[epochId+1];
    if (config.duration == 0) { revert CannotStartAuction(); }
    /// @notice only starter
@>  if (config.starter != address(0) && msg.sender != config.starter) { revert CommonEventsAndErrors.InvalidAccess(); }
    ...
}

And config.starter should be set up prior to that action.

The auction config is set up here:

function setAuctionConfig(SpiceAuctionConfig calldata _config) external onlyDAOExecutor {
    /// @dev epoch Id is only updated when auction starts.
    /// @dev cannot set config for past or ongoing auction
    uint256 currentEpochIdCache = _currentEpochId;
    if (currentEpochIdCache > 0) {
        EpochInfo storage info = epochs[currentEpochIdCache];
        /// Cannot set config for ongoing auction
        if (info.isActive()) { revert InvalidConfigOperation(); }
    }
    if (_config.duration < MINIMUM_AUCTION_PERIOD
        || _config.duration > MAXIMUM_AUCTION_DURATION
        || _config.waitPeriod > MAXIMUM_AUCTION_WAIT_PERIOD) { revert CommonEventsAndErrors.InvalidParam(); }
    /// @dev startCooldown can be zero
    if (_config.waitPeriod == 0
        || _config.minimumDistributedAuctionToken == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }
    if (_config.recipient == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
    currentEpochIdCache += 1;
    auctionConfigs[currentEpochIdCache] = _config;
    emit AuctionConfigSet(currentEpochIdCache, _config);
}

But there is no check here that a starter address is not equal to address(0). And there is no other function where a starter can be set.

So if it is missed at the setup stage, the auction will not be able to start.

Impact

Users will not be able to start an Auction

Tools Used

Manual review

Recommendations

Consider adding a zero address check to prevent an empty starter address.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
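
The guard on the line marked @> in startAuction() can be exercised in isolation. The following is an added example, not code from the submission or from the TempleGold repository; StarterGuardModel, Actor, setConfig and StarterGuardTest are hypothetical names, and everything except the two checks quoted from startAuction() is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a stripped-down model of the starter guard, not the TempleGold contract.
contract StarterGuardModel {
    error CannotStartAuction();
    error InvalidAccess();

    struct Config { uint32 duration; address starter; } // only the two fields the guard reads
    mapping(uint256 => Config) public auctionConfigs;
    uint256 public currentEpochId;

    // Stand-in for setAuctionConfig; access control and parameter validation omitted.
    function setConfig(uint32 duration, address starter) external {
        auctionConfigs[currentEpochId + 1] = Config(duration, starter);
    }

    function startAuction() external {
        Config storage config = auctionConfigs[currentEpochId + 1];
        if (config.duration == 0) revert CannotStartAuction();
        // Same condition as the highlighted line: enforced only when a starter is set.
        if (config.starter != address(0) && msg.sender != config.starter) revert InvalidAccess();
        currentEpochId += 1;
    }
}

// Hypothetical caller contract used to vary msg.sender without cheatcodes.
contract Actor {
    function tryStart(StarterGuardModel a) external returns (bool ok) {
        try a.startAuction() { ok = true; } catch { ok = false; }
    }
}

contract StarterGuardTest {
    function testStarterSemantics() external {
        StarterGuardModel a = new StarterGuardModel();
        Actor alice = new Actor();
        Actor bob = new Actor();

        a.setConfig(1 days, address(0));      // starter left unset
        require(alice.tryStart(a), "zero starter: any caller may start");

        a.setConfig(1 days, address(alice));  // starter restricted to alice
        require(!bob.tryStart(a), "non-starter must be rejected");
        require(alice.tryStart(a), "configured starter may start");
    }
}
```

Run it with forge test in an empty Foundry project. With starter left at address(0) the first operand of the && is false, so the guard is skipped and any caller can start the auction; once a starter is set, only that address passes.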
