Summary
In https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/SpiceAuction.sol#L97 the comment says that startCooldown can be zero, but it reverts if it is zero.
    if (
        _config.waitPeriod == 0 || _config.minimumDistributedAuctionToken == 0
    ) {
        revert CommonEventsAndErrors.ExpectedNonZero();
    }
    if (_config.recipient == address(0)) {
        revert CommonEventsAndErrors.InvalidAddress();
    }
Vulnerability Details
Users who want to start an auction have to wait for the cooldown period. This will make users attend fewer auctions and lead to wasted time.
Impact
Medium
As a PoC, include the following test in SpiceAuction.t.sol:
    function test_setAuctionConfig_waitPeriodCannotBeZero() public {
        ISpiceAuction.SpiceAuctionConfig memory config = _getAuctionConfig();
        config.waitPeriod = 0;
        vm.startPrank(daoExecutor);
        vm.expectRevert(CommonEventsAndErrors.ExpectedNonZero.selector);
        spice.setAuctionConfig(config);
        vm.stopPrank();
    }
Tools Used
Manual review
Recommendations
If the comment is true then:
- if (
- _config.waitPeriod == 0 || _config.minimumDistributedAuctionToken == 0
- ) {
- revert CommonEventsAndErrors.ExpectedNonZero();
- }
+ if (_config.minimumDistributedAuctionToken == 0) {
+ revert CommonEventsAndErrors.ExpectedNonZero();
}
if (_config.recipient == address(0)) {
revert CommonEventsAndErrors.InvalidAddress();
}
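Review bot: the condition removed at the top of this hunk tests _config.waitPeriod, while the comment cited in the Summary is about startCooldown, so the check should not be dropped until it is confirmed that the comment actually refers to waitPeriod; if it does not, the comment or its placement is what needs changing, not the validation. If the check is removed, test_setAuctionConfig_waitPeriodCannotBeZero, which expects ExpectedNonZero, has to be replaced by a test that a zero waitPeriod is accepted. The closing brace after the added revert is also shown as unchanged context although the old block's closing brace is a removed line; it should be a + line for the patch to apply cleanly.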