TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

In `SpiceAuction.sol` contract the End Time is incorrectly set

0xdhanraj30

Summary:

In the startAuction function of the SpiceAuction contract, the end time of the auction is set incorrectly. The current implementation sets the endTime using block.timestamp instead of the startTime calculated earlier in the function.

Vulnerability Details:

uint128 startTime = info.startTime = uint128(block.timestamp) + config.startCooldown;
uint128 endTime = info.endTime = uint128(block.timestamp) + config.duration;

Impact:

This results in the auction end time being shorter than expected. Specifically, the end time is not appropriately extended by the startCooldown period, which means the auction could close prematurely, leading to potential issues for participants who expect the auction to run for the full intended duration.

Tools Used:

Manual, Foundry

Recommendations:

To ensure the auction runs for the correct duration starting from the startTime, the endTime should be calculated using the startTime plus the configured duration.

Corrected Code:

uint128 startTime = info.startTime = uint128(block.timestamp) + config.startCooldown;
uint128 endTime = info.endTime = startTime + config.duration;
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.