TempleGold

TempleDAO


Foundry
25,000 USDC
Ended
Submission Details
Severity: high
Invalid

Absence of minimum bid amount and minimum bidders in bid function can be critical for protocol

Summary

The bid function lacks a minimum bid amount and a minimum number of bidders, leading to a critical vulnerability.

Vulnerability Details

If no one places a bid within a week and a single user bids 1 DAI, that user will receive all the minted TGLD for just 1 DAI.

Scenario 1:

  1. Users place bids normally, with a total TGLD minted amount of 1 million and total bids of 100,000 DAI.

  2. Users receive 10 TGLD per DAI they bid.

  3. In this scenario, the exchange rate is 1 DAI = 10 TGLD.

Scenario 2:

  1. Only one user bids 1 DAI because there is no minimum bid amount.

  2. 1 million TGLD are minted.

  3. The user receives 1 million TGLD for 1 DAI.

  4. In this scenario, the exchange rate is 1 DAI = 1,000,000 TGLD.

Even if the minted amount is reduced in the second scenario, the user will still receive at least 10,000 TGLD for 1 DAI.

Impact

This vulnerability can lead to severe economic imbalances and exploitation. A single bidder could potentially acquire a disproportionate amount of TGLD for a minimal bid, undermining the token's value and the fairness of the bidding process.

Tools Used

Manual Review

Recommendations

Implement a mechanism to check the number of bidders and set a minimum bid amount to prevent scenarios like Scenario 2 from occurring. This will ensure a fair and balanced bidding process.
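
The two scenarios and the recommended guards can be reproduced with a small model. This is an added example, not code from the submission or from the TempleGold contracts; the `Epoch` class, its pro-rata `claim` formula, and the `min_bid` / `min_bidders` parameters are assumptions made for illustration.

```python
# Added model of a pro-rata auction epoch; names and thresholds are assumptions.
WAD = 10**18  # 18-decimal fixed point, as used by DAI and most ERC-20 tokens

class Epoch:
    def __init__(self, tgld_for_auction, min_bid=0, min_bidders=0):
        self.tgld = tgld_for_auction      # TGLD allocated to this epoch (wei)
        self.min_bid = min_bid            # hypothetical guard: smallest accepted bid
        self.min_bidders = min_bidders    # hypothetical guard: bidders needed to settle
        self.bids = {}                    # bidder -> total DAI bid (wei)

    def bid(self, bidder, amount):
        if amount == 0 or amount < self.min_bid:
            raise ValueError("bid below minimum")
        self.bids[bidder] = self.bids.get(bidder, 0) + amount

    def total_bid(self):
        return sum(self.bids.values())

    def can_settle(self):
        return len(self.bids) > 0 and len(self.bids) >= self.min_bidders

    def claim(self, bidder):
        if not self.can_settle():
            raise RuntimeError("epoch did not meet settlement conditions")
        # Pro-rata share with integer division that rounds down, like Solidity.
        return self.bids.get(bidder, 0) * self.tgld // self.total_bid()

def tgld_per_dai(epoch, bidder):
    # Both amounts are in wei, so the quotient is whole TGLD per 1 DAI.
    return epoch.claim(bidder) // epoch.bids[bidder]

def scenario_1():
    # Constructed input: two bidders totalling 100,000 DAI for 1,000,000 TGLD.
    e = Epoch(1_000_000 * WAD)
    e.bid("alice", 60_000 * WAD)
    e.bid("bob", 40_000 * WAD)
    return e, tgld_per_dai(e, "alice")

def scenario_2(min_bid=0, min_bidders=0):
    # Constructed input: a single 1 DAI bid for the same 1,000,000 TGLD.
    e = Epoch(1_000_000 * WAD, min_bid, min_bidders)
    e.bid("solo", 1 * WAD)
    return e, (tgld_per_dai(e, "solo") if e.can_settle() else None)
```
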

Updates

Community Judging Commences

Community Judging Judge
6 months ago
Community Judgement Published
87.5% Invalid

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
