TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

The `bid` function in `SpiceAuction` doesn't actually support FOT tokens, contrary to what is stated in Known Issues

Summary

In the Known Issues section of the README, the team states that FOT tokens are a known issue but that they are supported. In reality they are not: when FOT and rebasing tokens are used for auctions, bidding will fail.

Vulnerability Details

In this snippet of the `SpiceAuction.bid()` function, we see the amount is determined by finding the difference between the balance before and after the transfer:

```solidity
uint256 _bidTokenAmountBefore = IERC20(bidToken).balanceOf(_recipient);
IERC20(bidToken).safeTransferFrom(msg.sender, _recipient, amount);
uint256 _bidTokenAmountAfter = IERC20(bidToken).balanceOf(_recipient);
// fee on transfer tokens
if (amount != _bidTokenAmountAfter - _bidTokenAmountBefore) { revert CommonEventsAndErrors.InvalidParam(); }
```

However, when a token is FOT, the amount actually transferred will be slightly less than `amount`, because fees are deducted during the transfer. As a result, the balance difference never matches the exact `amount`, and the call always reverts.

Impact

FOT tokens, which are claimed to be supported, are actually not supported.

Tools Used

Manual review

Recommendations

If, as mentioned in the README, FOT tokens can be supported, remove the balance difference check and record the actual transferred value that users have bid.
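The behaviour described under Vulnerability Details and the accounting suggested under Recommendations, as an added Foundry test that is not part of the original submission or the TempleGold code base. `FeeToken` (a constructed mock with an assumed 1% fee), `BidHarness`, `strictBid` and `deltaBid` are hypothetical names; only the shape of the balance check is taken from the quoted snippet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed mock (assumption): token that keeps a 1% fee on every transferFrom.
contract FeeToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        balanceOf[from] -= amount;
        balanceOf[to] += amount - amount / 100; // the fee never reaches `to`
        return true;
    }
}

// Hypothetical harness, not SpiceAuction itself.
contract BidHarness {
    error InvalidParam();
    mapping(address => uint256) public recorded;

    // Same shape as the quoted check: reverts unless received == amount.
    function strictBid(FeeToken token, address recipient, uint256 amount) external {
        uint256 before_ = token.balanceOf(recipient);
        token.transferFrom(msg.sender, recipient, amount);
        if (amount != token.balanceOf(recipient) - before_) revert InvalidParam();
        recorded[msg.sender] += amount;
    }

    // Shape of the recommendation: credit what the recipient actually received.
    function deltaBid(FeeToken token, address recipient, uint256 amount) external {
        uint256 before_ = token.balanceOf(recipient);
        token.transferFrom(msg.sender, recipient, amount);
        recorded[msg.sender] += token.balanceOf(recipient) - before_;
    }
}

contract FotBidTest is Test {
    FeeToken token = new FeeToken();
    BidHarness harness = new BidHarness();
    address recipient = address(0xBEEF);
    function setUp() public { token.mint(address(this), 1_000e18); }
    function test_strictCheckRevertsForFeeToken() public {
        vm.expectRevert(BidHarness.InvalidParam.selector);
        harness.strictBid(token, recipient, 100e18); // recipient receives 99e18, not 100e18
    }
    function test_deltaAccountingRecordsNetAmount() public {
        harness.deltaBid(token, recipient, 100e18);
        assertEq(harness.recorded(address(this)), 99e18);
    }
}
```

With the strict equality check, any token that delivers less than `amount` is rejected outright; with delta accounting, the recorded bid is the net amount, so downstream reward math must use that recorded value rather than the caller-supplied `amount`.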

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue