TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

[L-1] DaiGoldAuction::setAuctionConfig event AuctionConfigSet emits _currentEpochId which is still the last epochId (L72)

binary

Description:

The setAuctionConfig() function in the DaiGoldAuction contract is responsible for setting the auction configuration. However, the function emits an AuctionConfigSet event with the _currentEpochId, which refers to the last epoch ID instead of the current one. This can lead to confusion and potential errors in tracking the configuration changes, as the emitted event will reference an outdated epoch ID.

Impact:

Emitting the last epochId instead of the current one has several potential impacts:

Tracking and Debugging: It can make it difficult to track and debug the configuration changes, as the emitted event references an outdated epoch ID.
Data Integrity: Misleading event data can compromise the integrity of the information being tracked, leading to incorrect assumptions and decisions based on the event logs.
User Confusion: Users and developers relying on event logs for accurate and up-to-date information may face confusion and errors, affecting their interaction with the contract.

Proof of Concept:

Below is the setAuctionConfig() function as it currently stands, emitting the _currentEpochId:

function setAuctionConfig(AuctionConfig calldata _config) external override onlyElevatedAccess {
if (_config.auctionStartCooldown == 0
|| _config.auctionMinimumDistributedGold == 0
|| _config.auctionsTimeDiff == 0)
{ revert CommonEventsAndErrors.ExpectedNonZero(); }
if (!epochs[_currentEpochId].hasEnded()) { revert InvalidOperation(); }
auctionConfig = _config;
@> emit AuctionConfigSet(_currentEpochId, _config);
}

Recommended Mitigation:
To address this issue, it is recommended to ensure that the correct, current epoch ID is emitted in the AuctionConfigSet event. This can be achieved by updating the _currentEpochId after the current epoch has ended, and then emitting the updated epoch ID in the event.

  • Here is an example of how this can be implemented:

  • Update the Function to Emit the Correct Epoch ID:

function setAuctionConfig(AuctionConfig calldata \_config) external override onlyElevatedAccess {
if (_config.auctionStartCooldown == 0
|| _config.auctionMinimumDistributedGold == 0
|| _config.auctionsTimeDiff == 0)
{ revert CommonEventsAndErrors.ExpectedNonZero(); }
if (!epochs[_currentEpochId].hasEnded()) { revert InvalidOperation(); }
// Increment the epoch ID to represent the new current epoch
+ _currentEpochId++;
auctionConfig = _config;
emit AuctionConfigSet(_currentEpochId, _config);
}

By updating the _currentEpochId before emitting the event, the contract ensures that the correct, current epoch ID is emitted, enhancing the accuracy and reliability of the event logs.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.