TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Unsold tokens from DaiGoldAuction contract will be stuck in the protocol, after the auction concludes

myrault9

Summary

Unsold tokens from DaiGoldAuction contract will be stuck in the protocol, after the auction concludes

Vulnerability Details

Temple Gold is a non-transferrable ERC20 token with LayerZero integration for cross-chain transfer for holders, and some of the tokens will be mint to the DaiGoldAuction contract as auction items

function _distribute(DistributionParams storage params, uint256 mintAmount) private {

uint256 stakingAmount = TempleMath.mulDivRound(params.staking, mintAmount, DISTRIBUTION_DIVISOR, false);

if (stakingAmount > 0) {

_mint(address(staking), stakingAmount);

staking.notifyDistribution(stakingAmount);

}

uint256 escrowAmount = TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false);

if (escrowAmount > 0) {

_mint(address(escrow), escrowAmount); // @audit: here

escrow.notifyDistribution(escrowAmount);

}

In the DaiGoldAuction auction contract, there is a possibility that the auction items cannot be completely spent, such as there are no buyers in a certain round of auctions, or in extreme cases, there are no buyers in the entire auction. Then the tokens minted from the TempleGold contract to the DaiGoldAuction contract cannot be fully transferred to the user, which means that Unsold tokens will be generated. In this case, these tokens will be stuck in the protocol

Impact

Unsold tokens from DaiGoldAuction auction, will be stuck in the protocol

Tools Used

Manual review

Recommendations

Implement a function, that allows protocol to withdraw the amount left for the auction they have created, once the auction has concluded.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Auctioned tokens cannot be recovered for epochs with empty bids in DaiGoldAuction

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.