TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Staking and Auction Issues

Summary

The audit identified a potential vulnerability in the staking mechanism and auction contracts. Specifically, the absence of a minimum staking amount could be exploited by a malicious user, leading to a Denial of Service (DoS) attack. This issue is also present in the bidding process of the SpiceAuction and DaiGoldAuction contracts.

Vulnerability Details

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/DaiGoldAuction.sol#L24

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/SpiceAuction.sol#L24

  1. Staking without Minimum Amount:

    • The stake and stakeFor functions accept any non-zero amount, including very small (dust) amounts.

    • Code Snippet:

      /**
       * @notice Stake
       * @param amount Amount of staking token
       */
      function stake(uint256 amount) external override {
          stakeFor(msg.sender, amount);
      }

      /**
       * @notice Stake for account when contract is not paused.
       * @param _for Account to stake for
       * @param _amount Amount of staking token
       */
      function stakeFor(address _for, uint256 _amount) public whenNotPaused {
          if (_amount == 0) revert CommonEventsAndErrors.ExpectedNonZero();
          // pull tokens and apply stake
          stakingToken.safeTransferFrom(msg.sender, address(this), _amount);
          uint256 _lastIndex = _accountLastStakeIndex[_for];
          _accountLastStakeIndex[_for] = ++_lastIndex;
          _applyStake(_for, _amount, _lastIndex);
          _moveDelegates(address(0), delegates[_for], _amount);
      }

  2. Minimum Amount for Bidding in Auctions:

    • Similar to staking, there is no minimum amount requirement for bidding in SpiceAuction and DaiGoldAuction.

  3. DoS Attack via Dust Amounts:

    • A malicious user could repeatedly stake dust amounts (2^256 - 1 times) to a specific address, effectively DoS-ing the staking process for that address during the current epoch.

Impact

The lack of a minimum staking amount exposes the contract to a Denial of Service (DoS) attack. A malicious user could exploit this by front-running other users and staking dust amounts repeatedly, preventing legitimate staking actions for a particular address. This issue can disrupt the staking process and negatively affect user experience and trust in the system.

Tools Used

Manual Review

Recommendations

  1. Implement a Minimum Staking Amount:

    • Modify the stake and stakeFor functions to include a check for a minimum staking amount.

  2. Set Minimum Bid Amounts for Auctions:

    • Introduce a minimum bid amount for SpiceAuction and DaiGoldAuction contracts to prevent similar exploits in the bidding process.

  3. Mitigate DoS Risks:

    • Consider implementing additional checks and balances to prevent users from repeatedly staking dust amounts to the same address within a short period.
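One way to apply recommendations 1 and 2, as an added example that is not TempleGold's code: a stake entry point with a fixed floor and a bid entry point with an owner-tunable floor. Contract names, MIN_STAKE_AMOUNT, minBidAmount and the BelowMinimum error are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example, not TempleGold code. Names such as MIN_STAKE_AMOUNT, minBidAmount
// and BelowMinimum are assumptions chosen for this illustration.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

error ExpectedNonZero();
error BelowMinimum(uint256 amount, uint256 minimum);

contract MinAmountStaking {
    IERC20 public immutable stakingToken;
    uint256 public constant MIN_STAKE_AMOUNT = 1e18; // one whole 18-decimal token (assumed floor)
    mapping(address => uint256) public accountLastStakeIndex;
    constructor(IERC20 token) { stakingToken = token; }
    function stake(uint256 amount) external { stakeFor(msg.sender, amount); }
    function stakeFor(address _for, uint256 _amount) public {
        if (_amount == 0) revert ExpectedNonZero();
        // Dust guard: every stake entry pushed onto an account must carry real value,
        // so filling an account's stake index with tiny entries is no longer cheap.
        if (_amount < MIN_STAKE_AMOUNT) revert BelowMinimum(_amount, MIN_STAKE_AMOUNT);
        require(stakingToken.transferFrom(msg.sender, address(this), _amount), "transfer failed");
        accountLastStakeIndex[_for] += 1; // stake bookkeeping would follow here
    }
}

contract MinAmountAuction {
    IERC20 public immutable bidToken;
    address public immutable owner;
    uint256 public minBidAmount; // owner-tunable so the floor can track token price
    mapping(address => uint256) public deposits;

    constructor(IERC20 token, uint256 initialMinBid) {
        bidToken = token; owner = msg.sender; minBidAmount = initialMinBid;
    }
    function setMinBidAmount(uint256 newMin) external {
        require(msg.sender == owner, "not owner");
        minBidAmount = newMin;
    }
    function bid(uint256 amount) external {
        if (amount == 0) revert ExpectedNonZero();
        if (amount < minBidAmount) revert BelowMinimum(amount, minBidAmount);
        require(bidToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposits[msg.sender] += amount;
    }
}
```

A floor does not bound how many entries an account can receive; it only makes each one cost real capital. Any per-address rate limit added under recommendation 3 should be designed so that a third party calling stakeFor cannot exhaust it on the target's behalf.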

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
