TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Using the CREATE opcode is susceptible to re-org attacks.

Summary

The Temple protocol allows multiple deployments of SpiceAuction using SpiceAuctionFactory::createAuction, which deploys a new instance of SpiceAuction and returns its address. After deployment, the new instance of SpiceAuction will hold the assets for auction; however, if re-orgs occur, the assets held by the new SpiceAuction will be lost.

Vulnerability Details

As mentioned in the report's title, reorgs can occur in all EVM chains and are most likely on L2s like Arbitrum. Since the protocol's main deployment is on Arbitrum, the following scenario could occur due to reorgs:

  1. Bob deploys a new SpiceAuction using SpiceAuctionFactory::createAuction at block 1234567.

  2. Bob creates the auction, starts it, and transfers the auction tokens at block 1234567.

  3. A block reorg occurs, and block 1234567 is no longer part of the chain.

  4. The assets held by the contract will be lost.

Impact

The re-orgs will result in loss of assets due to the CREATE opcode.

Tools Used

Manual Review

Recommendations

Use the CREATE2 opcode to deploy new auctions and store a nonce for users in a mapping.
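The recommendation above, as an added example (not TempleDAO's code and not part of the submission): a factory that derives the CREATE2 salt from the caller and a per-caller nonce, so the deployed address is bound to the deployer instead of to the factory's global CREATE nonce. `AuctionStub`, `Create2AuctionFactory`, `deployNonce` and `predict` are hypothetical names; the real SpiceAuction constructor is not shown on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the auction contract (assumption: the real
// SpiceAuction takes different constructor arguments).
contract AuctionStub {
    address public immutable creator;

    constructor(address _creator) {
        creator = _creator;
    }
}

contract Create2AuctionFactory {
    // Per-deployer counter, as the recommendation suggests.
    mapping(address => uint256) public deployNonce;

    event AuctionCreated(address indexed creator, address auction, bytes32 salt);

    // The salt commits to the deployer, so a different caller replaying
    // createAuction() after a reorg lands on a different address.
    function _salt(address creator, uint256 nonce) internal pure returns (bytes32) {
        return keccak256(abi.encode(creator, nonce));
    }

    // Address the next createAuction() call from `creator` will deploy to:
    // keccak256(0xff ++ factory ++ salt ++ keccak256(initCode))[12:]
    function predict(address creator) public view returns (address) {
        bytes32 salt = _salt(creator, deployNonce[creator]);
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(AuctionStub).creationCode, abi.encode(creator))
        );
        return address(uint160(uint256(
            keccak256(abi.encodePacked(bytes1(0xff), address(this), salt, initCodeHash))
        )));
    }

    function createAuction() external returns (address auction) {
        // Post-increment: the salt uses the nonce value predict() saw.
        bytes32 salt = _salt(msg.sender, deployNonce[msg.sender]++);
        auction = address(new AuctionStub{salt: salt}(msg.sender));
        emit AuctionCreated(msg.sender, auction, salt);
    }
}
```

A caller can compare `predict(msg.sender)` taken before the call with the returned address, and fund the auction only once the deployment block is final.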

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xaman Submitter
11 months ago
inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
