TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

depositors record can't be deleted if templeGold token is rescued

Summary

When recoverToken is executed and the token is templeGold, the depositors record for the bidders can't be deleted.

Vulnerability Details

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L160

When recoverToken is executed and the token is templeGold, the current epoch record is deleted, which sets startTime to 0, and hasEnded would be false.

This leads us to the claim function, which reverts when both the above conditions are met:
```
function claim(uint256 epochId) external virtual override {
    /// @notice cannot claim for current live epoch
    EpochInfo storage info = epochs[epochId];
    if (!info.hasEnded()) { revert CannotClaim(epochId); }
    /// @dev epochId could be invalid. eg epochId > _currentEpochId
    if (info.startTime == 0) { revert InvalidEpoch(); }

    uint256 bidTokenAmount = depositors[msg.sender][epochId];
    if (bidTokenAmount == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }

    delete depositors[msg.sender][epochId];
    uint256 claimAmount = bidTokenAmount.mulDivRound(info.totalAuctionTokenAmount, info.totalBidTokenAmount, false);
    templeGold.safeTransfer(msg.sender, claimAmount);
    emit Claim(msg.sender, epochId, bidTokenAmount, claimAmount);
}
```

Impact

Depositors array can't be deleted and depositors can't take their tokens back alone.

Tools Used

Manual review

Recommendations

Implement proper checks for this scenario, and return their tokens directly when deleting the epoch record.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
