TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

USER_FIRST_BID ActivationMode in SpiceAuction Contract Does Not Function as Intended

Vulnerability Details:

The SpiceAuction contract allows two types of auctions which can be set by the ActivationMode:

  • AUCTION_TOKEN_BALANCE: Auction is enabled and awaiting start if the amount of auction token is sent to the contract.

  • USER_FIRST_BID: Enable auction when a user bids for another volatile token.

    enum ActivationMode {
        /// @notice Auction is enabled and awaiting start if amount of auction token is sent to contract
        AUCTION_TOKEN_BALANCE,
        /// @notice Enable auction when user bids for other volatile token
        USER_FIRST_BID
    }

The problem with the current implementation is that when ActivationMode is set to USER_FIRST_BID, the auction will not work as intended. The bid function requires an auction to be active before a bid can be made. Therefore, the auction must be enabled first before a user can bid, which is what the first ActivationMode (AUCTION_TOKEN_BALANCE) is intended to do.

    function bid(uint256 amount) external virtual override {
        /// @dev Cache, gas savings
        uint256 epochId = _currentEpochId;
        EpochInfo storage info = epochs[epochId];
        if (!info.isActive()) revert CannotDeposit();
        if (amount == 0) revert CommonEventsAndErrors.ExpectedNonZero();
        SpiceAuctionConfig storage config = auctionConfigs[epochId];
        (address bidToken,) = _getBidAndAuctionTokens(config);
        address _recipient = config.recipient;
        uint256 _bidTokenAmountBefore = IERC20(bidToken).balanceOf(_recipient);
        IERC20(bidToken).safeTransferFrom(msg.sender, _recipient, amount);
        uint256 _bidTokenAmountAfter = IERC20(bidToken).balanceOf(_recipient);
        // fee on transfer tokens
        if (amount != _bidTokenAmountAfter - _bidTokenAmountBefore) revert CommonEventsAndErrors.InvalidParam();
        depositors[msg.sender][epochId] += amount;
        info.totalBidTokenAmount += amount;
        emit Deposit(msg.sender, epochId, amount);
    }

Impact:

When ActivationMode is set to USER_FIRST_BID, the auction cannot be started as intended because the bid function requires an active auction.

Tools Used:

Manual analysis

Recommendation:

Review and modify the implementation of the USER_FIRST_BID activation mode. Ensure that the auction can be correctly started upon the first user bid.
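
The ordering the submission describes, as an added Solidity sketch (not TempleGold code and not part of the submission): a gate that checks activity before anything else can never be opened by a first bid, while a gate that opens the epoch first can. Only ActivationMode, its two members and CannotDeposit come from the page; the contract name, the Epoch struct, the body of isActive(), duration, bidAsQuoted and bidActivating are hypothetical, and token transfers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Models the activation gate, not the real SpiceAuction.
contract ActivationGateModel {
    enum ActivationMode { AUCTION_TOKEN_BALANCE, USER_FIRST_BID }
    error CannotDeposit();

    // Hypothetical epoch record: startTime == 0 means "never started".
    struct Epoch { uint64 startTime; uint64 endTime; uint256 totalBid; }

    ActivationMode public immutable mode;
    uint64 public immutable duration; // assumed fixed auction length in seconds
    Epoch public epoch;

    constructor(ActivationMode _mode, uint64 _duration) {
        mode = _mode;
        duration = _duration;
    }

    // Assumed definition of "active": started and not yet ended.
    function isActive() public view returns (bool) {
        return epoch.startTime != 0
            && epoch.startTime <= block.timestamp
            && block.timestamp < epoch.endTime;
    }

    /// Same ordering as the bid() quoted above: the activity check runs first,
    /// so with no prior start every call reverts, whatever the mode is.
    function bidAsQuoted(uint256 amount) external {
        if (!isActive()) revert CannotDeposit();
        epoch.totalBid += amount;
    }

    /// Hypothetical ordering for USER_FIRST_BID: the first bid opens the epoch,
    /// then the usual activity check applies (and still rejects late bids).
    function bidActivating(uint256 amount) external {
        if (mode == ActivationMode.USER_FIRST_BID && epoch.startTime == 0) {
            epoch.startTime = uint64(block.timestamp);
            epoch.endTime = uint64(block.timestamp) + duration;
        }
        if (!isActive()) revert CannotDeposit();
        epoch.totalBid += amount;
    }
}
```

Deployed with USER_FIRST_BID, bidAsQuoted reverts with CannotDeposit on a fresh instance, while bidActivating accepts the first bid and rejects bids once duration has elapsed.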

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Minimum auction tokens check is incorrectly enforced in SpiceAuction in case of USER_FIRST_BID start type

Appeal created

0xCiphky Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
0xCiphky Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
