## Summary
The `SpiceAuctionFactory` contract uses a hash-based ID system that doesn't account for cross-chain differences, potentially leading to auction ID collisions and overwriting of existing auctions. While the contract allows for deliberate overwrites during migrations, the lack of chain-specific identifiers and proper safeguards can lead to unintended consequences in a multi-chain setup.
## Vulnerability Details
On different chains, the same token may have different addresses. This could lead to situations where:
- A new auction on one chain unintentionally overwrites the ID of an existing auction on another chain.
- Users think they're interacting with the same auction across different chains, when in reality they are different instances.
## Impact
1. Potential loss of access to old auctions that are still active.
2. Risk of errors in cross-chain interactions if IDs aren't as expected.
## Recommendations
Implement a versioning system per chain:
```solidity
// Per-chain registry: chainId => pairId => auction address
mapping(uint256 => mapping(bytes32 => address)) public chainToAuctionMapping;

function createAuction(uint256 chainId, address spiceToken, string memory name) external override onlyElevatedAccess returns (address) {
    // ...
    bytes32 pairId = _getPairHash(spiceToken);
    // Refuse to overwrite an auction already registered for this chain
    require(chainToAuctionMapping[chainId][pairId] == address(0), "Auction already exists on this chain.");
    deployedAuctions[pairId] = address(spiceAuction);
    emit AuctionCreated(pairId, address(spiceAuction));
    // Record the new auction under its chain-specific key
    chainToAuctionMapping[chainId][pairId] = address(spiceAuction);
    return address(spiceAuction);
}
```
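The sketch below is an added example, not code from the audited project. It takes the same idea one step further by deriving the ID from `block.chainid` instead of a caller-supplied value, and by splitting creation (which reverts on an existing entry) from an explicit migration path. The contract name, `owner` (a stand-in for `onlyElevatedAccess`), `auctionId`, `register`, `migrate` and the events and errors are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical registry for illustration; not the project's SpiceAuctionFactory.
contract ChainScopedAuctionRegistry {
    address public immutable owner; // assumption: stands in for onlyElevatedAccess
    mapping(bytes32 => address) public auctions;

    event AuctionRegistered(bytes32 indexed id, uint256 chainId, address auction);
    event AuctionMigrated(bytes32 indexed id, address oldAuction, address newAuction);

    error NotOwner();
    error ZeroAddress();
    error AuctionExists(bytes32 id, address existing);
    error NoAuction(bytes32 id);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    /// The ID binds the token to the chain this registry is deployed on,
    /// so the same token address yields a different ID on every chain.
    function auctionId(address spiceToken) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, spiceToken));
    }

    /// Creation path: never overwrites an existing entry.
    function register(address spiceToken, address auction) external onlyOwner returns (bytes32 id) {
        if (spiceToken == address(0) || auction == address(0)) revert ZeroAddress();
        id = auctionId(spiceToken);
        address existing = auctions[id];
        if (existing != address(0)) revert AuctionExists(id, existing);
        auctions[id] = auction;
        emit AuctionRegistered(id, block.chainid, auction);
    }

    /// Migration path: the only way to replace an entry, and it logs the old address.
    function migrate(address spiceToken, address newAuction) external onlyOwner returns (bytes32 id) {
        if (newAuction == address(0)) revert ZeroAddress();
        id = auctionId(spiceToken);
        address old = auctions[id];
        if (old == address(0)) revert NoAuction(id);
        auctions[id] = newAuction;
        emit AuctionMigrated(id, old, newAuction);
    }
}
```

Because overwrites only happen through `migrate`, an `AuctionMigrated` event with no matching planned migration is a signal worth alerting on.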