TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

Usage of Flash Mintable Tokens Leading to Manipulation of DaiGoldAuction

Summary

The DaiGoldAuction.sol contract is vulnerable to an exploit involving flash mintable tokens, specifically DAI. An attacker can mint a large amount of DAI within a single transaction, place a last-second bid in the auction, win a disproportionate amount of Temple Gold (TGLD) tokens, and then use these tokens in a parallel SpiceAuction to obtain valuable volatile tokens. These tokens can then be sold on a DEX to repay the flash mint and keep the profits, effectively draining the protocol's valuable assets.

Vulnerability Details

The DaiGoldAuction.sol contract allows users to bid using DAI in exchange for Temple Gold (TGLD) tokens. The contract is vulnerable to an exploit using flash mintable tokens like DAI due to the following factors:

  1. Flash Minting Capability: Since DAI is a flash mintable token, an attacker can mint large amounts of DAI within a single transaction without requiring collateral, as long as it is repaid within the same transaction.

  2. Lack of Bid Timing Restrictions: The contract allows bids to be placed at the last second, giving an attacker the opportunity to exploit this timing.

  3. Auction Structure: The contract allows users to place large bids at the last moment, ensuring they can win a significant amount of TGLD tokens by outbidding others.

Vulnerable code

Proof of Concept

Since DAI is a flash mintable token, it does not require collateral to be minted in large amounts as long as it is repaid within 1 transaction. According to the weird ERC20 GitHub page, an attacker can execute the following steps to exploit the vulnerability:

  1. Flash Mint DAI:
    * The attacker mints a large amount of DAI without providing collateral, as long as it is repaid within the same transaction.

  2. Monitor Auction Timing:
    * The attacker monitors the auction's end time using the internal epochs mapping:

        /// @notice Keep track of epochs details
        mapping(uint256 epochId => EpochInfo info) internal epochs;

    * No matter that this is internal, everything on the blockchain can be seen, so the attacker can determine the exact end time of the auction.

  3. Place Last-Second Bid:
    * The attacker places a large bid just before the auction ends, using the flash-minted DAI to ensure they win a significant amount of TGLD tokens.

  4. Claim TGLD:
    * After the auction ends, the attacker claims the TGLD tokens they won.

  5. Parallel SpiceAuction:
    * It is possible for a SpiceAuction to end around the same time as a DAI auction. The attacker can use the acquired TGLD tokens to bid in a SpiceAuction for valuable volatile tokens just before it ends. By winning the auction, the attacker obtains the volatile tokens.

  6. Sell and Repay:
    * The attacker sells the acquired volatile tokens on a DEX, converts them back to DAI, repays the flash mint, and keeps the remaining profit.

Impact

The primary impact of this vulnerability is that it allows attackers to manipulate the auction system to gain a disproportionate share of Temple Gold (TGLD) tokens and subsequently valuable volatile tokens, without providing any real value to the protocol. This exploitation undermines the fairness and integrity of the auction process and can significantly distort the intended distribution of TGLD and other auctioned assets. Such an exploit can lead to:

  1. Market Manipulation: By acquiring a large amount of TGLD at minimal cost, attackers can manipulate the secondary market prices of volatile tokens obtained through the SpiceAuction, potentially leading to significant price volatility.

  2. Loss of Trust: The perceived fairness and security of the TempleDAO auction system could be severely compromised, leading to a loss of trust among participants and potential investors.

  3. Economic Disparity: Legitimate users who participate in the auctions in good faith might be unfairly deprived of their share of TGLD and volatile tokens, leading to economic disparity within the ecosystem.

  4. Treasury Impact: Although the treasury itself isn't directly drained, the overall value and distribution efficiency of the treasury-backed tokens can be compromised, affecting the protocol's long-term economic sustainability.

Tools Used

  • Manual Review

  • VS Code

Recommendations

Restrict Bid Timing:
Implement a bidding window that closes a few minutes before the auction end to prevent last-second bids.

    function bid(uint256 amount) external virtual override onlyWhenLive {
        // Reject bids placed in the final 5 minutes of the current epoch
        if (block.timestamp >= epochs[_currentEpochId].endTime - 5 minutes) {
            revert("Bidding window is closed");
        }
        // Existing bid logic
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
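
The ordering in the Proof of Concept can be checked against the rule that a flash mint is repaid in the same transaction, where every call sees one block timestamp. The Python model below is an added example, not code from the submission or from TempleGold; the `Auction` class, its `bid`/`claim` guards (bids only before the end time, claims only after it, as steps 3 and 4 describe) and all values are constructed assumptions.

```python
# Constructed model, not TempleGold code. Assumed guards, taken from the
# report's own steps: bid() only before end_time, claim() only after it.
class Revert(Exception):
    """Stands in for an EVM revert, which rolls back the whole transaction."""

class Auction:
    def __init__(self, end_time):
        self.end_time, self.bids = end_time, {}

    def bid(self, now, who, amount):
        if now >= self.end_time:
            raise Revert("auction ended")
        self.bids[who] = self.bids.get(who, 0) + amount

    def claim(self, now, who):
        if now < self.end_time:
            raise Revert("auction still live")
        return self.bids.pop(who)

def flash_mint(amount, callback):
    """Lend `amount` to callback; revert unless the callback returns it all."""
    if callback(amount) < amount:
        raise Revert("flash mint not repaid")

def run_tx(fn):
    """Execute fn as one transaction and report the outcome."""
    try:
        fn()
        return "ok"
    except Revert as err:
        return f"reverted: {err}"

def bid_and_claim_in_one_tx(now, end_time, amount=1_000_000):
    """Steps 1-6 in one transaction: every call sees the same timestamp.
    Steps 5-6 are treated as lossless, the most favourable case."""
    auction = Auction(end_time)
    def body(borrowed):
        auction.bid(now, "bidder", borrowed)   # step 3 needs now < end_time
        return auction.claim(now, "bidder")    # step 4 needs now >= end_time
    return run_tx(lambda: flash_mint(amount, body))

def bid_only_tx(now, end_time, amount=1_000_000):
    """Bid now, claim in a later transaction: the DAI stays in the auction."""
    auction = Auction(end_time)
    def body(borrowed):
        auction.bid(now, "bidder", borrowed)
        return 0                               # nothing left to repay with
    return run_tx(lambda: flash_mint(amount, body))

def feasible_timestamps(end_time, window=600):
    """Timestamps around end_time at which the one-transaction path succeeds."""
    return [t for t in range(end_time - window, end_time + window)
            if bid_and_claim_in_one_tx(t, end_time) == "ok"]
```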
