TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Time-Lock Implementation for Epoch Manipulation Prevention

kevinkkien

Summary

The startAuction function in the DaiGoldAuction contract lacks a time-lock mechanism to prevent immediate auction starts after the previous one ends. This could allow malicious actors to manipulate epoch timings, potentially gaining an unfair advantage by starting auctions prematurely.

Vulnerability Details

The current implementation of startAuction allows anyone to trigger a new auction as soon as the previous one concludes, provided the auctionStarter address is not set. This lack of a delay could be exploited by attackers who continuously call startAuction, thereby manipulating the timing of epochs and potentially gaining an advantage in the bidding process.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L103-L126

Impact

The absence of a time-lock mechanism could lead to:

Epoch Time Manipulation: Attackers could repeatedly start new auctions, disrupting the intended rhythm of the auction cycles and potentially creating an environment where only they can effectively participate.
Unfair Advantage: By controlling the timing of auctions, attackers could potentially outmaneuver other bidders, gaining an unfair advantage in acquiring TGOLD.

Tools Used

Manual review

Recommendations

Implement a time-lock mechanism in the startAuction function to enforce a mandatory delay between the end of one auction and the start of the next.

Add a variable that stores the suggested auction start time:

uint256 public proposedAuctionStartTime;

Modify the startAuction function

function startAuction() external override {

// ... (other checks as before, like ensuring the auction isn't already started)

// Check if an auction starter is set and the caller is authorized

if (auctionStarter != address(0) && msg.sender != auctionStarter) {

revert CommonEventsAndErrors.InvalidAccess(); // Access control error

}

// ... (other checks as before)

// Check if a proposed start time has been set

if (proposedAuctionStartTime == 0) {

// If not, propose a start time in the future

proposedAuctionStartTime = block.timestamp + auctionConfig.auctionStartDelay;

emit AuctionStartProposed(proposedAuctionStartTime); // Notify of the proposed time

return; // Exit the function without starting the auction yet

}

// Check if the current time has reached or passed the proposed start time

if (block.timestamp < proposedAuctionStartTime) {

revert AuctionStartNotReady(); // Error: Auction can't start yet

}

// ... (continue with the rest of the startAuction logic)

// Reset proposedAuctionStartTime after the auction successfully starts

proposedAuctionStartTime = 0;

}

struct AuctionConfig {

// ... (other properties)

uint64 auctionStartDelay; // Time-lock delay in seconds

}

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.