TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Rebasing tokens will cause issues with `SpiceAuction`

Summary

When rebasing tokens are used inside SpiceAuction they will leave their rebases inside the contract and DOS it if a negative rebase occurs.

Vulnerability Details

With SpiceAuctionFactory any SpiceAuction can be made to trade gold for any other token, only excluding fee on transfer.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/SpiceAuction.sol#L194-L199

```solidity
uint256 _bidTokenAmountBefore = IERC20(bidToken).balanceOf(_recipient);
IERC20(bidToken).safeTransferFrom(msg.sender, _recipient, amount);
uint256 _bidTokenAmountAfter = IERC20(bidToken).balanceOf(_recipient);
if (amount != _bidTokenAmountAfter - _bidTokenAmountBefore) { revert CommonEventsAndErrors.InvalidParam(); }
```

This means that rebasing tokens are still valid tokens for making an auction. However, because of their properties, rebasing tokens can cause 2 issues:

  1. They will always leave dust after every auction, which also means that after the last auction for this token there would be some amount left inside that the admins would need to clean up.

  2. If a negative rebase occurs, claim would not work, as there won't be enough tokens to fulfill the requests.

Impact

Rebases are lost, and the contract will potentially be DOSed for a few days (or a week or 2).

Tools Used

Manual review.

Recommendations

Given the current circumstances the best solution is to redesign the contract slightly to distribute shares of a token.
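
The two issues and the recommended share-based payout can be reproduced in a small model. This is an added example, not code from the submission or from TempleDAO: `RebasingToken`, `run_auction`, the bid amounts and the rebase factors are all constructed, and the fixed-amount branch assumes payouts are computed from a total recorded when the auction was funded.

```python
# Simplified model (constructed for illustration, not SpiceAuction's code).
from fractions import Fraction

class RebasingToken:
    """Balance = shares * index; a rebase moves the index for every holder."""
    def __init__(self):
        self.index = Fraction(1)
        self.shares = {}

    def balance_of(self, who):
        return int(self.shares.get(who, 0) * self.index)

    def mint(self, who, amount):
        self.shares[who] = self.shares.get(who, 0) + Fraction(amount) / self.index

    def transfer(self, src, dst, amount):
        if amount > self.balance_of(src):
            raise ValueError("insufficient balance")  # stands in for the on-chain revert
        delta = Fraction(amount) / self.index
        self.shares[src] -= delta
        self.shares[dst] = self.shares.get(dst, 0) + delta

    def rebase(self, factor):
        self.index *= Fraction(factor)

def run_auction(rebase_factor, share_based):
    """Return (users whose claim failed, tokens left in the auction afterwards)."""
    token = RebasingToken()
    token.mint("auction", 1000)
    recorded_total = 1000                 # assumed: fixed amount stored at funding time
    bids = {"alice": 50, "bob": 50}       # constructed bids
    token.rebase(rebase_factor)           # rebase lands before anyone claims
    remaining_bids, failed = sum(bids.values()), []
    for user, bid in bids.items():
        if share_based:                   # pro-rata share of what is actually held
            payout = token.balance_of("auction") * bid // remaining_bids
        else:                             # pro-rata share of the recorded amount
            payout = recorded_total * bid // sum(bids.values())
        try:
            token.transfer("auction", user, payout)
        except ValueError:
            failed.append(user)
        remaining_bids -= bid
    return failed, token.balance_of("auction")

if __name__ == "__main__":
    for factor in (Fraction(9, 10), Fraction(11, 10)):
        print(factor, run_auction(factor, False), run_auction(factor, True))
```

With fixed-amount accounting the last claimant fails after a negative rebase and the positive rebase stays behind in the contract; paying a share of the live balance avoids both.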

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Rebasing
