Summary

setAuctionConfig wrongly checks for if current auction is active.

Vulnerability Details

SpiceAuction's setAuctionConfig function is used to set set the config for the next auction.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/SpiceAuction.sol#L101-L102

Before doing that first it validates the data (as it should), however during it's validation is wrongly checks for if our current auction is active.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/SpiceAuction.sol#L88-L92

In the current case, this is not needed as we always set the config for the next auction, not this one. This additional verification only decreases the function efficiency and worsens the operational power of the contract. This can also be dangerous, as if admins need to change the config for the next auction they can do it only in the waiting period before the next auctions starts, and if the waiting period is short then they can potentially miss the opportunity to change the params.

Impact

Admin ability to set configs is lowered.Unneeded complications. Potentially causing admins to miss the window for setAuctionConfig.

Tools Used

Manual review

Recommendations

Remove the check.