TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

Smaller bids could result in 0 reward claim if `totalBidTokenAmount` becomes very high

Summary

This vulnerability applies to both auction contracts:
1. DaiGoldAuction
2. SpiceAuction

It is illustrated here using the DaiGoldAuction contract.

The contract allows users to obtain TGLD by bidding DAI in an auction,
where each epoch lasts 1 week.

The issue arises from the fact that smaller DAI bidders could end up with a 0 TGLD claim
if `totalBidTokenAmount` grows to become a very large number.

This results in a loss of funds for small bidders, as there is no refund mechanism.

Vulnerability Details

Consider the following scenario.

1. info.totalAuctionTokenAmount = 10,000 TGLD

2. Bob places a bid of 50 DAI on Day 1 of the epoch.

3. By Day 7, additional bids are placed by other users to increase the total bid amount to 1,000,000 DAI.

claimAmount = (bidTokenAmount × info.totalAuctionTokenAmount) / info.totalBidTokenAmount

claimAmount = 50 * 10000 / 200000

Since Solidity performs integer division and the result is 0.5,
it would be truncated to 0.

When Bob attempts to claim his TGLD, he gets 0.

Impact

Users who bid comparatively small amounts could lose their DAI and claim 0 TGLD
if the total bid amount `totalBidTokenAmount` becomes a large number.

Tools Used

Foundry, Manual Analysis

Recommendations

There are a few possible solutions.

Solution 1
1.1. Place a maximum threshold on the total bid amount, and
1.2. Impose a minimum bid amount.

Solution 2
Implement a mechanism to refund users who receive 0 TGLD from an epoch.
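The following is an added example, not code from the submission or from the TempleDAO contracts. It reproduces the claim formula's integer division on the scenario's figures (unit-less, as in the text), derives the minimum bid that Solution 1.2 would need given a total-bid cap from Solution 1.1, and lists the bidders a Solution 2 refund would have to cover. The 18-decimal scaling at the end is an assumption about DAI/TGLD token units, added to show how much the truncation depends on the denominators actually used on-chain.

```python
# Added example: Solidity-style integer arithmetic for the claim formula
# claimAmount = bidTokenAmount * totalAuctionTokenAmount / totalBidTokenAmount.
# Function names here are illustrative, not the contracts' own.

def claim_amount(bid_token_amount: int, total_auction_token_amount: int,
                 total_bid_token_amount: int) -> int:
    """Floor division mirrors the EVM; a zero denominator would revert on-chain."""
    if total_bid_token_amount == 0:
        raise ZeroDivisionError("no bids placed in this epoch")
    return (bid_token_amount * total_auction_token_amount) // total_bid_token_amount


def min_bid_for_nonzero_claim(total_auction_token_amount: int,
                              max_total_bid_token_amount: int) -> int:
    """Smallest bid that still yields >= 1 unit of the auction token once total
    bids reach the cap (Solution 1.1). Equals ceil(maxTotalBid / totalAuction)."""
    return -(-max_total_bid_token_amount // total_auction_token_amount)


def bidders_with_zero_claim(bids: dict, total_auction_token_amount: int) -> list:
    """Given an epoch's bids {bidder: amount}, return bidders whose claim
    truncates to 0, i.e. who a Solution 2 refund would need to cover."""
    total = sum(bids.values())
    return [bidder for bidder, amount in bids.items()
            if claim_amount(amount, total_auction_token_amount, total) == 0]


if __name__ == "__main__":
    # Scenario from the report: 10,000 TGLD on offer, Bob bids 50 DAI on day 1,
    # total bids reach 1,000,000 DAI by day 7 (constructed, unit-less figures).
    print(claim_amount(50, 10_000, 1_000_000))            # 0
    print(min_bid_for_nonzero_claim(10_000, 1_000_000))   # 100
    print(bidders_with_zero_claim({"bob": 50, "whale": 999_950}, 10_000))  # ['bob']
    # Same scenario with 18-decimal token units (assumption): 0.5 TGLD, not 0.
    SCALE = 10**18
    print(claim_amount(50 * SCALE, 10_000 * SCALE, 1_000_000 * SCALE))  # 500000000000000000
```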

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
