TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Lack of token tracking in `EpochInfo` struct, used in the `DaiGoldAuction` and `SpiceAuction` contracts

merlinboii

Summary

The DaiGoldAuction and SpiceAuction contracts retrieve EpochInfo struct from IAuctionBase to record auction data for each epoch.

However, the EpochInfo struct lacks a field to track the bid token and auction token.

Vulnerability Details

Both the DaiGoldAuction and SpiceAuction contracts can utilize various bid tokens and auction tokens for each epoch auction.

Currently, the DaiGoldAuction contract can change the bidToken, and the SpiceAuction contract can use TGLD and spice tokens interchangeably for both bidToken and auctionToken.

However, the EpochInfo struct lacks a token field to specifically track these tokens for each epoch.

struct EpochInfo {

/// @notice Start time for epoch

uint128 startTime;

/// @notice End time for epoch

uint128 endTime;

/// @notice Total amount of bid token deposited

uint256 totalBidTokenAmount;

/// @notice Total amount of auction tokens to distribute. Constant value

uint256 totalAuctionTokenAmount;

}

//Location: DaiGoldAuction.sol

function setBidToken(address _bidToken) external override onlyElevatedAccess {

if (_bidToken == address(0)) { revert CommonEventsAndErrors.InvalidAddress(); }

if (!epochs[_currentEpochId].hasEnded()) { revert InvalidOperation(); }

bidToken = IERC20(_bidToken);

emit BidTokenSet(_bidToken);

}

//Location: SpiceAuction.sol

function _getBidAndAuctionTokens(

SpiceAuctionConfig storage _config

) private view returns (address bidToken, address auctionToken) {

(bidToken, auctionToken) = _config.isTempleGoldAuctionToken

? (spiceToken, templeGold)

: (templeGold, spiceToken);

}

Impact

The off-chain/on-chain contracts handling funds will be unable to accurately track the bid and auction tokens associated with each epochId.

Tools Used

Manual Review

Recommendations

Modify the EpochInfo struct to include a dedicated token field for bidToken and auctionToken, ensuring clarity and accuracy in token tracking for each epoch.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.