TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Insufficient checks in `SpiceAuction::setAuctionConfig`

Summary

In the SpiceAuction contract, `setAuctionConfig` is meant to prevent configuration changes for past or ongoing auctions, as its own inline comment states. The implementation, however, only rejects the call while the current epoch's auction is active, so nothing stops a configuration change once that auction has ended.

Vulnerability Details

```solidity
function setAuctionConfig(SpiceAuctionConfig calldata _config) external override onlyDAOExecutor {
    /// @dev epoch Id is only updated when auction starts.
    /// @dev cannot set config for past or ongoing auction
    uint256 currentEpochIdCache = _currentEpochId;
    if (currentEpochIdCache > 0) {
        EpochInfo storage info = epochs[currentEpochIdCache];
        /// Cannot set config for ongoing auction
        // Only the active case is rejected; an epoch that has already ended passes this guard.
        if (info.isActive()) { revert InvalidConfigOperation(); }
    }
    // ...
}
```

The comment says that the config cannot be set for a past or ongoing auction, but the code only checks `info.isActive()`. Once the current epoch's auction has ended, `isActive()` returns false, the guard passes, and the DAO executor can still call `setAuctionConfig`, which contradicts the stated intent.

Impact

The DAO executor could retroactively alter the parameters of an auction that has already ended, which the contract's own comment says should not be possible.

Tools Used

  • Manual review

Recommendations

Reject past auctions as well as active ones. Note that, because `_currentEpochId` only advances when an auction starts (per the code comment), a guard on `hasEnded()` will also reject any call made after the most recent auction has finished, so the configuration write path must target a future epoch for the function to remain usable:

```solidity
function setAuctionConfig(SpiceAuctionConfig calldata _config) external override onlyDAOExecutor {
    uint256 currentEpochIdCache = _currentEpochId;
    if (currentEpochIdCache > 0) {
        EpochInfo storage info = epochs[currentEpochIdCache];
        // Reject both an ongoing and an already-ended auction
        if (info.isActive() || info.hasEnded()) { revert InvalidConfigOperation(); }
    }
    // ...
}
```
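As an added example (not code from this submission or from the TempleGold repository), the following Foundry test models the recommended guard in a minimal stand-in contract. The `EpochInfo` struct, the `EpochLib` helpers, `MiniSpiceAuction`, its `SpiceAuctionConfig` shape and the assumption that a config is written for epoch `_currentEpochId + 1` are all hypothetical; only the guard condition itself comes from the recommendation above. The test shows the guard rejecting a call during the auction and again after it has ended; because the epoch id only advances in `startAuction`, the second rejection also means no new configuration can be written until the write path is decoupled from the current epoch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Hypothetical stand-in for the EpochInfo type and its helpers (not the project's code).
struct EpochInfo {
    uint128 startTime;
    uint128 endTime;
}

library EpochLib {
    function isActive(EpochInfo storage info) internal view returns (bool) {
        return block.timestamp >= info.startTime && block.timestamp < info.endTime;
    }

    function hasEnded(EpochInfo storage info) internal view returns (bool) {
        return info.endTime != 0 && block.timestamp >= info.endTime;
    }
}

// Hypothetical minimal auction; only the guard inside setAuctionConfig mirrors the recommendation.
contract MiniSpiceAuction {
    using EpochLib for EpochInfo;

    error InvalidConfigOperation();

    struct SpiceAuctionConfig {
        uint32 duration;
    }

    uint256 internal _currentEpochId;
    mapping(uint256 => EpochInfo) public epochs;
    mapping(uint256 => SpiceAuctionConfig) public auctionConfigs;

    function setAuctionConfig(SpiceAuctionConfig calldata _config) external {
        uint256 currentEpochIdCache = _currentEpochId;
        if (currentEpochIdCache > 0) {
            EpochInfo storage info = epochs[currentEpochIdCache];
            // Recommended guard: reject while the current epoch is active OR already ended.
            if (info.isActive() || info.hasEnded()) revert InvalidConfigOperation();
        }
        // Assumption for this model: a config always targets the next epoch.
        auctionConfigs[currentEpochIdCache + 1] = _config;
    }

    // The epoch id only advances here, as the original code's comment states.
    function startAuction() external {
        uint256 nextEpoch = _currentEpochId + 1;
        SpiceAuctionConfig memory cfg = auctionConfigs[nextEpoch];
        require(cfg.duration > 0, "not configured");
        epochs[nextEpoch] = EpochInfo({
            startTime: uint128(block.timestamp),
            endTime: uint128(block.timestamp + cfg.duration)
        });
        _currentEpochId = nextEpoch;
    }

    function currentEpochId() external view returns (uint256) {
        return _currentEpochId;
    }
}

contract SetAuctionConfigGuardTest is Test {
    MiniSpiceAuction internal auction;

    function setUp() public {
        auction = new MiniSpiceAuction();
        vm.warp(1_000_000);
    }

    function test_GuardRejectsActiveAndEndedEpochs() public {
        // Epoch 0: no guard applies, config for epoch 1 is written.
        auction.setAuctionConfig(MiniSpiceAuction.SpiceAuctionConfig({duration: 1 days}));
        auction.startAuction();

        // During the auction: rejected (this is the behaviour of the original check too).
        vm.expectRevert(MiniSpiceAuction.InvalidConfigOperation.selector);
        auction.setAuctionConfig(MiniSpiceAuction.SpiceAuctionConfig({duration: 2 days}));

        // After the auction ended the epoch id has not moved, so hasEnded() now rejects the call.
        vm.warp(block.timestamp + 1 days + 1);
        assertEq(auction.currentEpochId(), 1);
        vm.expectRevert(MiniSpiceAuction.InvalidConfigOperation.selector);
        auction.setAuctionConfig(MiniSpiceAuction.SpiceAuctionConfig({duration: 2 days}));
    }
}
```

Run with `forge test --match-contract SetAuctionConfigGuardTest -vv` in a Foundry project that has `forge-std` installed. The second `expectRevert` is the practical consequence to weigh before adopting the recommendation as written: it is exactly the revert the finding asks for, and it also blocks the only way this model has to configure epoch 2.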
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
