TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Valid

Incorrect check prevents removal of the first auction configuration

Summary

The DAOExecutor would not be able to remove the first auction configuration because of the `info.startTime == 0` check inside `removeAuctionConfig` in the `SpiceAuction.sol` file.

Vulnerability Details

The comment above the condition says that this check is for the first auction. And after investigating the unit tests

vm.startPrank(daoExecutor);
// revert , no config
vm.expectRevert(abi.encodeWithSelector(ISpiceAuction.InvalidConfigOperation.selector));
spice.removeAuctionConfig();

I can say that this should revert if there is no config set. But actually what this is checking is whether the auction has already started. But there might be a case when the config is already set but the auction has not started yet.

Impact

The DAOExecutor would not be able to remove the first auction configuration without starting the auction.

Tools Used

Manual Review

Recommendations

Replace

if (info.startTime == 0) { revert InvalidConfigOperation(); }

with this

if (_currentEpochId == 0 && auctionConfigs[id+1].duration == 0) {
    revert InvalidConfigOperation();
}

or

if (auctionConfigs[id].duration == 0 && auctionConfigs[id+1].duration == 0) {
    revert InvalidConfigOperation();
}
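
The state described above (first config set, no auction started) run against the original guard and the second recommended guard, as an added example that is not part of the original submission or the TempleGold code base. It is a simplified model: the storage layout, the function bodies and the names `AuctionConfigModel`, `removeOriginal`, `removeRecommended` and `check` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model, NOT the SpiceAuction.sol source. Storage layout, function
// bodies and the removeOriginal/removeRecommended/check names are assumptions.
contract AuctionConfigModel {
    error InvalidConfigOperation();

    struct Config { uint64 duration; }
    struct EpochInfo { uint64 startTime; }

    uint256 internal _currentEpochId; // stays 0 until a first auction starts
    mapping(uint256 => Config) public auctionConfigs;
    mapping(uint256 => EpochInfo) public epochs;

    // Assumption: a new config is stored for the next epoch (id + 1).
    function setAuctionConfig(uint64 duration) external {
        auctionConfigs[_currentEpochId + 1] = Config(duration);
    }

    // Guard quoted in the report: startTime is still 0 before the first
    // auction starts, so a pending first config cannot be removed.
    function removeOriginal() external {
        uint256 id = _currentEpochId;
        EpochInfo storage info = epochs[id];
        if (info.startTime == 0) { revert InvalidConfigOperation(); }
        delete auctionConfigs[id + 1];
    }

    // Second guard from the Recommendations: reverts only when no config exists.
    function removeRecommended() external {
        uint256 id = _currentEpochId;
        if (auctionConfigs[id].duration == 0 && auctionConfigs[id + 1].duration == 0) {
            revert InvalidConfigOperation();
        }
        delete auctionConfigs[id + 1];
    }
}

contract AuctionConfigModelCheck {
    // Sets a first config without starting an auction, then tries both guards.
    function check() external returns (bool originalReverted, bool removed) {
        AuctionConfigModel m = new AuctionConfigModel();
        m.setAuctionConfig(uint64(1 days)); // constructed sample duration
        try m.removeOriginal() {} catch { originalReverted = true; }
        m.removeRecommended(); // passes the guard and clears the pending config
        removed = m.auctionConfigs(1) == 0;
    }
}
```
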
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`removeAuctionConfig` can't remove the first added `SpiceAuctionConfig` which in the end leads to inability to recover the funds associated to that auction
