TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

auctionConfig and auctionStarter can't be set during an ongoing auction

Summary

In DaiGoldAuction, auctionConfig and auctionStarter can't be set while an auction is ongoing.

Vulnerability Details

In DaiGoldAuction, auctionConfig is set or updated using the function setAuctionConfig, and auctionStarter is set or updated using the function setAuctionStarter. Both functions can only be called by an address with elevated access. However, both functions contain the following condition:
https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L69
https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L82

if (!epochs[_currentEpochId].hasEnded()) { revert InvalidOperation(); }

The above check prevents the address with elevated access from setting auctionConfig and auctionStarter while any auction is live or in cooldown. However, as auctionConfig and auctionStarter are only used to start an auction, updating these variables while an auction is live or in cooldown won't affect that auction. Putting these checks in the functions restricts the ability to update or set these variables when there is any ongoing auction.

Impact

The vulnerability prevents addresses with elevated access from setting auctionConfig and auctionStarter while there is an ongoing auction. Even if these checks are removed, it doesn't cause any issues in the contract.

Tools Used

Manual review

Recommendations

Remove the above-mentioned checks from the functions.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
