TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

[L-2] SpiceAuction::createAuction has no sanity checks for name parameter

Description:

The createAuction() function in the SpiceAuction contract allows for the creation of new auction instances. However, the function does not perform any sanity checks on the name parameter. The name parameter is expected to be a meaningful identifier for the auction, and without validation, it could lead to potential issues such as empty names.

Impact:

The absence of sanity checks on the name parameter has several potential impacts:

Usability: Auctions with invalid or poorly formatted names can lead to confusion and reduce the usability of the contract for users and interfaces.

Data Integrity: Allowing arbitrary values for the name parameter can result in inconsistent data and make it harder to maintain and query auctions.

Proof of Concept:

Below is the createAuction() function as it currently stands, without any sanity checks for the name parameter:

    function createAuction(address spiceToken, string memory name) external override onlyElevatedAccess returns (address) {
        if (spiceToken == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
        if (spiceToken == templeGold) { revert CommonEventsAndErrors.InvalidParam(); }
        SpiceAuction spiceAuction = new SpiceAuction(templeGold, spiceToken, daoExecutor, name);
        bytes32 pairId = _getPairHash(spiceToken);
        /// @dev not checking pair address exists to allow overwrite in case of a migration
        deployedAuctions[pairId] = address(spiceAuction);
        emit AuctionCreated(pairId, address(spiceAuction));
        return address(spiceAuction);
    }

Recommended Mitigation:

To address this issue, it is recommended to implement sanity checks on the name parameter within the createAuction() function.

Use the check in the function:

function createAuction(address spiceToken, string memory name) external override onlyElevatedAccess returns (address) {
if (spiceToken == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }
if (spiceToken == templeGold) { revert CommonEventsAndErrors.InvalidParam(); }
+ if (bytes(name).length == 0) { revert NameCannotBeEmpty(); }
SpiceAuction spiceAuction = new SpiceAuction(templeGold, spiceToken, daoExecutor, name);
bytes32 pairId = _getPairHash(spiceToken);
/// @dev not checking pair address exists to allow overwrite in case of a migration
deployedAuctions[pairId] = address(spiceAuction);
emit AuctionCreated(pairId, address(spiceAuction));
return address(spiceAuction);
}
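
Review bot: the added line reverts with `NameCannotBeEmpty()`, but that error is not declared anywhere in the lines shown; either declare it alongside the change or reuse `CommonEventsAndErrors.InvalidParam()`, which the check directly above already uses. The condition `bytes(name).length == 0` also rejects only a zero-length string, so a name made up solely of spaces still passes; if "poorly formatted" names are in scope, the criteria need to be spelled out and checked explicitly. The function is gated by `onlyElevatedAccess`, so the name comes from a privileged caller, which should be weighed when stating the impact.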

By implementing these sanity checks, the contract ensures that the name parameter is valid and meets the desired criteria, thereby enhancing the contract's reliability and usability.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
