TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

`USER_FIRST_BID` Mode of activation in `SpiceAuction.sol` will almost never execute

Summary

SpiceAuction has two ways to activate, or allow the start of, an auction: AUCTION_TOKEN_BALANCE (i.e. the auction is enabled and awaiting start once the amount of auction token is sent to the contract) or USER_FIRST_BID (i.e. the auction is enabled when a user bids for other volatile tokens). However, the current implementation neglects USER_FIRST_BID, so starting an auction will never execute, or will always revert, when the activation mode is USER_FIRST_BID.

Vulnerability Details

When starting an auction for the next epoch, the startAuction function in SpiceAuction.sol checks the activation mode of the auction, which can be one of two.

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/interfaces/templegold/ISpiceAuction.sol#L36-L41

  • Mode of activation by AUCTION_TOKEN_BALANCE (i.e. the auction is enabled and awaiting start once the amount of auction token is sent to the contract): the startAuction function checks whether the activation mode is AUCTION_TOKEN_BALANCE and, if so, ensures that minimumDistributedAuctionToken is configured. Because this mode is enabled only by the amount of auction token sent to the SpiceAuction contract, the function has to ensure that the amount sent is sufficient (i.e. not a dust amount; it cannot be less than minimumDistributedAuctionToken).

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/SpiceAuction.sol#L161-L163

  • Mode of activation by USER_FIRST_BID (i.e. the auction is enabled when a user bids for other volatile tokens): unlike the AUCTION_TOKEN_BALANCE mode, the SpiceAuction contract does not need to have been sent an auction token amount for the auction to start. The auction starts once the first user bids, so there is no need to check that minimumDistributedAuctionToken is set and that the auction token amount is sufficient (i.e. not less than minimumDistributedAuctionToken); the AUCTION_TOKEN_BALANCE check is therefore skipped.

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/SpiceAuction.sol#L164

However, although the USER_FIRST_BID mode has no need to check that minimumDistributedAuctionToken is set and that the auction token amount is sufficient (i.e. not less than minimumDistributedAuctionToken), the function still checks that the amount of auction tokens for the auction is sufficient, when this should not be mandatory for USER_FIRST_BID. This leads to a constant revert, especially when the amount of auction tokens for an auction is less than minimumDistributedAuctionToken.

Impact

USER_FIRST_BID activation mode will most likely always revert.

Tools Used

Manual

Recommendations

if (config.activationMode == ActivationMode.AUCTION_TOKEN_BALANCE) {
if (config.minimumDistributedAuctionToken == 0) { revert MissingAuctionTokenConfig(); }
+ if (epochAuctionTokenAmount < config.minimumDistributedAuctionToken) { revert NotEnoughAuctionTokens(); }
}
- if (epochAuctionTokenAmount < config.minimumDistributedAuctionToken) { revert NotEnoughAuctionTokens(); }
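
Review bot: With the `epochAuctionTokenAmount < config.minimumDistributedAuctionToken` check moved inside the `AUCTION_TOKEN_BALANCE` branch, the `USER_FIRST_BID` path in these lines has no remaining lower bound on `epochAuctionTokenAmount`, so nothing shown here stops an auction from starting with zero tokens to distribute. If that is not intended, keep an explicit guard outside the branch, for example `if (epochAuctionTokenAmount == 0) { revert NotEnoughAuctionTokens(); }`. Also, assuming both values are unsigned integers, the removed line can only revert when `minimumDistributedAuctionToken` is nonzero, so the change should state whether `USER_FIRST_BID` configurations are expected to set that minimum.
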
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
