[M-2] `DaiGoldAuction::setAuctionConfig` prevents setting config even during the cooldown period (L69)
Github link
Vulnerability Details:
The setAuctionConfig function in the DaiGoldAuction contract is designed to allow the configuration of auction parameters. However, due to the validation logic, it does not permit setting the auction configuration even during the cooldown period. This restriction can hinder the ability to update the auction settings promptly.
Impact:
The inability to set the auction configuration during the cooldown period has several negative implications:
Operational Flexibility: Preventing the update of auction settings during the cooldown period limits the ability to adapt and respond to changing circumstances or correct mistakes in the auction configuration.
Administrative Efficiency: Administrators may find it challenging to manage the auction process effectively if they cannot set configurations as needed, potentially leading to operational inefficiencies.
Proof of Concept:
Below is the setAuctionConfig function, highlighting the validation that causes the vulnerability:
The following validation logic causes the issue:
if (!epochs[_currentEpochId].hasEnded()) revert InvalidOperation();
Recommended Mitigation:
To address this issue, modify the validation logic to allow setting the auction configuration during the cooldown period. This could involve checking if the current epoch is in a cooldown state rather than strictly requiring it to have ended.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.