TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

```setAuctionConfig``` can overwrite existing configuration

0xrststn

Summary

In SpiceAuction::setAuctionConfig, if this function is called more than once for the same epoch, it will inadvertently overwrite the existing config.

Vulnerability Details

Even though setAuctionConfig is only callable by daoExecutor, it could happen that, by mistake, an existing auction config gets inadvertently modified.

Proof of Concept

Add this test to SpiceAuction.t.sol

function test_OverWrite_Auction_config() public returns (ISpiceAuction.SpiceAuctionConfig memory config) {
config = _getAuctionConfig();
vm.startPrank(daoExecutor);
spice.setAuctionConfig(config);
//Assert that config has been updated. Just checking duration
assertEq(spice.getAuctionConfig(1).duration, 7 days);
config.duration = 15 days;
config.waitPeriod = 4 weeks;
config.minimumDistributedAuctionToken = 10 ether;
config.starter = bob;
config.startCooldown = 10 hours;
spice.setAuctionConfig(config);
//Assert that config has been updated. Just checking duration
assertEq(spice.getAuctionConfig(1).duration, 15 days);
vm.stopPrank();
}

Impact

Inadvertently overwriting an existing auction configuration.

Tools Used

Foundry

Recommendations

Check in setAuctionConfig whether there is an existing configuration set for this given epoch and if so revert. This way, removeAuctionConfig will have to be invoked before replacing an existing configuration so avoiding accidental modifications.
Add the following in setAuctionConfig:

if (auctionConfigs[_currentEpochId + 1].duration > 0) revert RemoveAuctionConfig();
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.