A vulnerability has been identified in the auction contract: the number of auction tokens available for an epoch is calculated from the contract's own token balance, read via `balanceOf(address(this))`. This approach is susceptible to manipulation, as external actors can transfer tokens directly to the contract, artificially inflating its balance and disrupting the auction token distribution.
The balance of tokens is used directly for calculations:
The vulnerability allows an attacker to manipulate the contract’s token balance by transferring tokens to the contract address. This manipulation can lead to:
Incorrect Token Distribution: The contract may distribute an incorrect amount of tokens during the auction, either over-allocating or under-allocating tokens.
Disrupted Auction Dynamics: The integrity of the auction process is compromised, potentially leading to unfair or unintended outcomes.
Manual Review
To prevent this vulnerability, it is recommended to use internal accounting to track the intended token balances within the contract. This involves maintaining an internal variable to track token deposits and using this variable for all balance-related calculations.
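As an added illustration (not the audited project's code), the two contracts below contrast the balance-based pattern described above with the recommended internal accounting; the `EPOCHS_REMAINING` divisor, the `deposit` entry point and the OpenZeppelin imports are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Vulnerable pattern: epoch supply derived from the live token balance.
contract AuctionBalanceBased {
    IERC20 public immutable auctionToken;
    uint256 public constant EPOCHS_REMAINING = 10; // assumed divisor for the example

    constructor(IERC20 token) { auctionToken = token; }

    // Any direct transfer to this contract changes the result of this call.
    function tokensForEpoch() external view returns (uint256) {
        return auctionToken.balanceOf(address(this)) / EPOCHS_REMAINING;
    }
}

/// Hardened pattern: only tokens deposited through the contract's own entry point count.
contract AuctionInternalAccounting {
    using SafeERC20 for IERC20;

    IERC20 public immutable auctionToken;
    address public immutable owner;
    uint256 public constant EPOCHS_REMAINING = 10; // assumed divisor for the example
    uint256 public trackedSupply; // internal ledger of tokens intended for the auction

    constructor(IERC20 token) { auctionToken = token; owner = msg.sender; }

    // The only path that grows the ledger; tokens sent directly are never counted.
    function deposit(uint256 amount) external {
        require(msg.sender == owner, "not owner");
        auctionToken.safeTransferFrom(msg.sender, address(this), amount);
        trackedSupply += amount;
    }

    // Epoch allocation is computed from the ledger, not from balanceOf(address(this)).
    function tokensForEpoch() external view returns (uint256) {
        return trackedSupply / EPOCHS_REMAINING;
    }

    // Anything above the ledger is untracked surplus and can be swept or ignored.
    function surplus() external view returns (uint256) {
        return auctionToken.balanceOf(address(this)) - trackedSupply;
    }
}
```

A test that transfers tokens straight to each contract and then calls `tokensForEpoch()` shows the first contract's result change while the second one's stays fixed.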