TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Invalid Parameter Check Prevents Temple Gold (TGLD) from Being Used as Spice Token in `SpiceAuctionFactory` contract

Summary

The SpiceAuctionFactory contract is designed to create new SpiceAuction contracts, allowing for the auction of various tokens. According to the documentation and contract comments, Temple Gold (TGLD) should be usable as either the bid token or the auction token in these auctions. Specifically, the SpiceAuction contract allows for Temple Gold to be deposited into the contract to bid on a share of distributed spice tokens, or vice versa, for an epoch. However, the current implementation of SpiceAuctionFactory prevents TGLD from being used as a spice token, due to an invalid parameter check in the createAuction() function.

Vulnerability Details

The SpiceAuctionFactory contract includes a parameter check that prevents the creation of an auction if the specified spice token is Temple Gold (TGLD). Specifically, the createAuction function contains the following code snippet:

```solidity
function createAuction(address spiceToken, string memory name) external override onlyElevatedAccess returns (address) {
    if (spiceToken == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
    if (spiceToken == templeGold) { revert CommonEventsAndErrors.InvalidParam(); } //@audit-issue should be able to use TGLD as bid token
    SpiceAuction spiceAuction = new SpiceAuction(templeGold, spiceToken, daoExecutor, name);
    bytes32 pairId = _getPairHash(spiceToken);
    /// @dev not checking pair address exists to allow overwrite in case of a migration
    deployedAuctions[pairId] = address(spiceAuction);
    emit AuctionCreated(pairId, address(spiceAuction));
    return address(spiceAuction);
}
```

This check `if (spiceToken == templeGold) { revert CommonEventsAndErrors.InvalidParam(); }` prevents the use of TGLD as a spice token in any newly created SpiceAuction. According to the protocol documentation and the SpiceAuction contract comments, TGLD should be usable in Spice Auctions as a bid token or auction token, but this check disallows such functionality, potentially limiting the versatility and usability of the protocol.

Impact

The restriction on using TGLD as a spice token in SpiceAuction contracts significantly limits the flexibility of the auction system. Given that TGLD is a core asset within the TempleDAO ecosystem, being unable to use it as a spice token could hinder various intended use cases and integrations, including cross-chain auctions and other value transfer mechanisms within the Temple ecosystem.

Tools Used

  • Manual Review

  • VS Code

Recommendations

Remove the invalid parameter check that prevents TGLD from being used as a spice token. The createAuction() function should be updated as follows:

```solidity
function createAuction(address spiceToken, string memory name) external override onlyElevatedAccess returns (address) {
    if (spiceToken == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
    // Remove the check that prevents TGLD from being used as a spice token
    SpiceAuction spiceAuction = new SpiceAuction(templeGold, spiceToken, daoExecutor, name);
    bytes32 pairId = _getPairHash(spiceToken);
    deployedAuctions[pairId] = address(spiceAuction);
    emit AuctionCreated(pairId, address(spiceAuction));
    return address(spiceAuction);
}
```

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
