TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Valid

There is no token recovery mechanism when the auction ends without any bids in the `DaiGoldAuction` contract.

Summary

There is no token recovery mechanism when the auction ends without any bids in the DaiGoldAuction contract.

Vulnerability Details

In the DaiGoldAuction contract, when an auction ends with no bids, the auction tokens (TempleGold in this case) are locked in the contract and cannot be recovered.

```solidity
function recoverToken(
    address token,
    address to,
    uint256 amount
) external override onlyElevatedAccess {
    // ...
    if (token != address(templeGold)) {
        emit CommonEventsAndErrors.TokenRecovered(to, token, amount);
        IERC20(token).safeTransfer(to, amount);
        return;
    }
    // ...
    if (info.isActive()) { revert AuctionActive(); }
    if (info.hasEnded()) { revert AuctionEnded(); }
    // ...
}
```

When the token being recovered is TempleGold, `recoverToken` checks whether the auction has ended and reverts with `AuctionEnded` if it has, so recovery reverts for an auction that ended with zero bids. All the TempleGold allotted to that auction stays locked and cannot be used in future auctions, because `startAuction` does not check the contract's TempleGold balance; it tracks `nextAuctionGoldAmount` instead, which resets to zero at the start of every auction.

Impact

The auction tokens will be stuck in the contract and cannot be recovered.

Tools Used

Manual

Recommendations

Add a function to recover auction tokens when an auction ends without any bids, similar to `SpiceAuction::recoverAuctionTokenForZeroBidAuction()`.
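
The accounting gap and the recommended recovery path, as an added Python model that is not part of the original submission or the TempleGold code base. Class, field and method names are assumptions, auction timing is reduced to a `state` label, and the payout after the guards is simplified to a plain transfer.

```python
class AuctionActive(Exception): pass
class AuctionEnded(Exception): pass

class GoldAuctionModel:
    """Constructed accounting model; names here are assumptions, not the contract's."""
    def __init__(self):
        self.gold_balance = 0              # TempleGold actually held by the contract
        self.next_auction_gold_amount = 0  # mirrors nextAuctionGoldAmount
        self.epochs = []

    def notify_gold(self, amount):
        # Gold arrives and is queued for the next auction.
        self.gold_balance += amount
        self.next_auction_gold_amount += amount

    def start_auction(self):
        # Sized from the tracked amount, never the balance; the tracker resets to zero.
        self.epochs.append({"gold": self.next_auction_gold_amount, "bids": 0,
                            "state": "scheduled", "recovered": False})
        self.next_auction_gold_amount = 0
        return len(self.epochs) - 1

    def recover_token(self, epoch_id):
        # TempleGold branch of recoverToken: the two guards shown in the excerpt.
        e = self.epochs[epoch_id]
        if e["state"] == "active": raise AuctionActive()
        if e["state"] == "ended": raise AuctionEnded()
        return self._pay_out(e)

    def recover_zero_bid_epoch(self, epoch_id):
        # Recommended addition (hypothetical): ended, zero bids, at most once.
        e = self.epochs[epoch_id]
        if e["state"] != "ended" or e["bids"] != 0 or e["recovered"]:
            raise ValueError("not a recoverable zero-bid epoch")
        return self._pay_out(e)

    def _pay_out(self, e):
        e["recovered"] = True
        self.gold_balance -= e["gold"]
        return e["gold"]

    def stranded(self):
        # Gold held that neither a future auction nor a bidder claim can reach.
        claimable = sum(e["gold"] for e in self.epochs
                        if not e["recovered"] and (e["state"] != "ended" or e["bids"] > 0))
        return self.gold_balance - self.next_auction_gold_amount - claimable
```

`stranded()` is the invariant to watch: it should be zero, and in this model it becomes non-zero as soon as an epoch ends with no bids and stays that way across later auctions until the zero-bid recovery runs.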

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Auctioned tokens cannot be recovered for epochs with empty bids in DaiGoldAuction
