TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

frozen tokens due to precision loss in SpiceAuction and DaiGoldAuction

dinkras

Summary

A bidder can claim his reward tokens after the end of each auction. However, a fraction of the reward is not transfered to the bidder due to precision loss issues.

Vulnerability Details

In both DaiGoldAuction and SpiceAuction a bidder claims his rewards(TGLD or rare token). However, due to the calculation of the claimAmount there is almost always a precision loss.

@> precision loss uint256 claimAmount = bidTokenAmount.mulDivRound(info.totalAuctionTokenAmount, info.totalBidTokenAmount, false);
templeGold.safeTransfer(msg.sender, claimAmount);
emit Claim(msg.sender, epochId, bidTokenAmount, claimAmount);

This leads to not all rewards being transferred to the bidder -> stuck tokens inside the protocol. With lots of bidds and bidders, the number of stuck tokens amount will increase linearly. The problem is that there is no way for the bidders or even the protocol to transfer those stuck funds somewhere else.

Code snippets:

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/SpiceAuction.sol#L223-L226

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L160-L163

Impact

Frozen tokens: TGLD and rare tokens inside DaiGoldAuction and SpiceAuction, which cannot be recovered and remain stuck inside the contracts.

Tools Used

Manual review

Recommendations

For each user call of claim() of tokens, save how many tokens were lost due to the precision loss issue.

Implement a functionality that recovers those leftover tokens(to the bidder or the protocol)

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.