TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Lack of check for empty string `name` parameter in `SpiceAuctionFactory::createAuction()` function

Summary

The `SpiceAuctionFactory::createAuction()` function does not check if the `name` of the spice auction is an empty string (set to `""`).

Vulnerability Details

In the `SpiceAuctionFactory::createAuction()` function, a new spice auction contract is deployed by passing in the `templeGold`, `spiceToken`, `daoExecutor` addresses, as well as the `name` of the spice auction. Sanity checks are applied for all those parameters, except for the spice auction name.

Impact

Spice auctions can be deployed without a name (simply `""`), which is undesirable for identification purposes.

Tools Used

Manual review.

Recommended Mitigation

Convert the string to bytes and check whether its length is greater than zero.

function createAuction(address spiceToken, string memory name)
external
override
onlyElevatedAccess
returns (address)
{
if (spiceToken == address(0)) revert CommonEventsAndErrors.InvalidAddress();
if (spiceToken == templeGold) revert CommonEventsAndErrors.InvalidParam();
+ if (bytes(name).length == 0) revert CommonEventsAndErrors.InvalidParam();
SpiceAuction spiceAuction = new SpiceAuction(templeGold, spiceToken, daoExecutor, name);
bytes32 pairId = _getPairHash(spiceToken); // @audit-issue Can there be collisions? Yes, if the same spice token
// is used again for creating an auction
/// @dev not checking pair address exists to allow overwrite in case of a migration
deployedAuctions[pairId] = address(spiceAuction);
emit AuctionCreated(pairId, address(spiceAuction));
return address(spiceAuction);
}
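
Review bot: The check added on the `+` line, `bytes(name).length == 0`, reverts with `CommonEventsAndErrors.InvalidParam()`, the same error used by the `spiceToken == templeGold` check directly above it, so a caller cannot tell from the revert which argument was rejected; a distinct error for the name, or a NatSpec line stating that `InvalidParam` covers both cases, would make the failure diagnosable. The length test rejects only the empty string, so a name made up solely of spaces still passes and is no better for identification. Because `createAuction` is gated by `onlyElevatedAccess`, the value comes from a privileged caller, which limits this to guarding against operator error. The `// @audit-issue` annotation on the `_getPairHash` line is auditor commentary unrelated to this change and should be left out of the proposed patch.
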
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
