TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

A user can get almost zero claimed amount if bids from other users are very large

Summary

The vulnerability stems from the possibility that due to rounding, a bidder might receive a claim amount of zero even though they have contributed a non-zero amount of bid tokens. This scenario occurs when the product of bidTokenAmount and totalAuctionTokenAmount is less than totalBidTokenAmount. In such cases, the division operation results in a value that rounds down to zero, leading to a zero claim amount despite the bidder having participated in the auction.

Vulnerability Details

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L161

It is seen that the auction (templeGold) and bid tokens can be arbitrary and can be set and reset for different auctions, so a bidder might receive a claim amount of zero even though they have contributed a non-zero amount of bid tokens. This scenario occurs when the product of bidTokenAmount and totalAuctionTokenAmount is less than totalBidTokenAmount. In such cases, the division operation results in a value that rounds down to zero, leading to a zero claim amount despite the bidder having participated in the auction.

While the probability of bidTokenAmount * totalAuctionTokenAmount < totalBidTokenAmount is low, it is still a possibility where:

  • auction token decimals is 6 or 8 or < 18

  • bid token decimals is 6 or 8 or < 18

  • Popular pools with large bids for rewards

An example is a user, Bob, depositing 1 token with 6 decimals in a pool with a reward of 10 temple gold and 2e12 bids. This would mean
10 * 10 x 1e12 / 2e12 will get zero rewards.

Likelihood is low, but impact is high, as users' rewards will be zeroed out.

Impact

High impact on users, as they lose their funds completely with no refund.

Tools Used

Manual Review

Recommendations

  • enforce high decimal tokens

  • add logic for low-bid users to ensure they get claims or a refund in case of a large totalBidAmount
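
The rounding condition discussed in this submission, modelled as an added example (not code from the report or from the TempleGold contracts). It assumes the claim is computed as bidTokenAmount * totalAuctionTokenAmount / totalBidTokenAmount with integer truncation, on amounts held in base units; the function names, decimals and sample amounts are constructed for illustration.

```python
# Added illustration: pro-rata claim with Solidity-style floor division.
# All names and sample values are hypothetical / constructed.

def to_base_units(amount, decimals):
    """Convert a whole-token amount into the integer base units held on-chain."""
    return amount * 10 ** decimals

def claim_amount(bid, total_auction, total_bid):
    """bid * total_auction / total_bid, truncated like uint256 division."""
    if total_bid == 0:
        raise ValueError("no bids recorded for this auction")
    return bid * total_auction // total_bid

def min_bid_for_nonzero_claim(total_auction, total_bid):
    """Smallest bid (base units) satisfying bid * total_auction >= total_bid."""
    if total_auction == 0:
        raise ValueError("auction has no tokens to distribute")
    return -(-total_bid // total_auction)  # ceiling division

def undistributed_dust(bids, total_auction):
    """Auction tokens left unclaimed once every bidder's claim is floored."""
    total_bid = sum(bids)
    return total_auction - sum(claim_amount(b, total_auction, total_bid) for b in bids)

def scenarios():
    total_bid = 2 * 10 ** 12            # constructed: 2e12 base units of bids
    bob = to_base_units(1, 6)           # 1 token of a 6-decimal bid token
    return {
        # Assumption: auction amount stored with 18 decimals (10 tokens = 1e19).
        "scaled_auction": claim_amount(bob, to_base_units(10, 18), total_bid),
        # Constructed contrast: auction amount of only 10 base units.
        "tiny_auction": claim_amount(bob, 10, total_bid),
        "tiny_auction_min_bid": min_bid_for_nonzero_claim(10, total_bid),
        "tiny_auction_dust": undistributed_dust([1, total_bid - 1], 10),
    }

if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

Whether a bid floors to zero depends on the auction total in base units relative to the ratio totalBid / bid, which is what `min_bid_for_nonzero_claim` makes explicit for a given auction.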


Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
